Multitenancy behaviour in 1.13.x security plugin

Hi,
I'm using OD security plugin 1.13.x, and below is one observation which I think is not right. I have 2 users in internal_user.yml (admin, kibanaserver).
Case 1: With admin user - I created some index patterns in Global tenant. The index pattern created in global tenant is not visible in private tenant or custom-tenant.

Case 2: With username set in ES config.yml (kibanaserver) - I created some index patterns in Global tenant. The index pattern created in global tenant is visible in private tenant.

Below is my config.yml.

_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    kibana:
      multitenancy_enabled: true
      server_username: kibanaserver
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: ".+"
    authc:
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: "basic"
          challenge: true
          config: {}
        authentication_backend:
          type: "intern"
          config: {}

Why, in Case 1, are Global tenant objects not visible in private and custom tenant?

Objects (index patterns, visualizations, dashboards) created in one tenant are not supposed to be visible in another tenant. So, in your case 1, I’d say things work by design.

Regarding case 2, is it possible that you had created the same index pattern in the private tenant in the past? Because as I mentioned, normally when you create an index pattern in the global tenant, it will not appear anywhere else (including the private tenant).

Feel free to run another test to double-check that.

@chaitra I think the kibana_server role, that you have kibanaserver user mapped to, has access to all tenants, as it is created for connecting kibana to elasticsearch.