Multitenancy - index permission error

Hello all,

I have configured authn/z to LDAP, role mapping that works well, but I’am facing with following error after I select my tenant and click to Discovery:

[    2019-07-11T13:57:24,402][INFO ][c.a.o.s.p.PrivilegesEvaluator] [elasticnode1] No index-level perm match for User [name=opsuser, roles=[Elasticsearch_Group_Seclog, Elasticsearch_Group_Opslog], requestedTenant=Opslog_tenant] Resolved [aliases=[.kibana_333248770_opslog], indices=[ ], allIndices=[.kibana_333248770_opslog_2], types=[ ], originalRequested=[.kibana_333248770_opslog, .kibana_333248770_opslog_2], remoteIndices=[]] [Action [indices:data/read/mget[shard]]] [RolesChecked [own_index, Seclog, Opslog]]
[2019-07-11T13:57:24,409][INFO ][c.a.o.s.p.PrivilegesEvaluator] [elasticnode1] No permissions for [indices:data/read/mget[shard]]

What is the problem? What I have missed?

This is how I solved my problem:

I have had to add my backend roles (resolved LDAP group names) to the “kibana_user” role_mapping.yml.

It is very important to add it to the roles_mapping.yml and not to the roles.yml !