Opendistro alerting plugin is not tenant specific

Hi All,

I am using amazon/opendistro-for-elasticsearch-kibana:1.13.1 and amazon/opendistro-for-elasticsearch:1.13.2 version of Opendistro docker images for my setup.

We have two roles one is admin and other as reader who will have only read permission to assigned indices and alerting plugin.

For multitenancy, we have been appending one custom backend role (reader) to each tenant user and some built-in roles. The issue here is user from other tenant able to get the information of alerts, monitors and destination that are created on other tenant.

Created one destination and tried get the information from .opendistro-alerting.config index pattern. The result is:

{
“_index” : “.opendistro-alerting-config”,
“_type” : “_doc”,
“_id” : “dU1e934BaHBp3Qi08bHr”,
“_score” : 1.0,
“_source” : {
“destination” : {
“id” : “”,
“type” : “email”,
“name” : “email-destination”,
“user” : {
“name” : “elk Tenant”,
“backend_roles” : [
“elk-tenant-role”,
“offline_access”,
“admin”,
“uma_authorization”
],
“roles” : [
“elk-tenant-role”,
“own_index”,
“all_access”
],
“custom_attribute_names” : ,
"user_requested_tenant" : null
},
“schema_version” : 3,
“seq_no” : 0,
“primary_term” : 0,
“last_update_time” : 1644827701739,
“email” : {
“recipients” : [
{
“email_group_id” : “azP83X4BxOgYLwZmyNNb”,
“type” : “email_group”
}
],
“email_account_id” : “yjX83X4BbBLDFQ8ES8Hn”
}
}
}
}

From my analysis, creating any object of alerting plugin does not store tenant information as “user_requested_tenant” : null.

Please help me in adding tenant information for alerting plugin of Opendistro.

AFAIK user_requested_tenant does not do anything for alerts. Last time I checked alerts are not tenant specific Alerts should be visible to users who have access to the tenant · Issue #119 · opensearch-project/alerting · GitHub

Thanks @oscark.
I have gone through the issue on github. I think there is no plan in enhancing Opendistro alerting to tenant specific.