[OpenSearch] Multi-tenancy support in security analytics detector

I was just going through the OpenSearch multi-tenancy documentation and the various indexing strategies. It looks like we are able to manage data isolation between tenants using RBAC (users and security roles with tenants).

Let’s say I have two tenants, tenant1 and tenant2, which have different access control using Role1 and Role2 respectively, with sufficient permissions. Using the security analytics plugin, I’m trying to create one detector using Role1, and findings for it get generated as per the triggered rules. But when I log in as another user with the permissions of Role2, I am able to see the findings and alerts created using Role1.

So, is there any way we can configure multi-tenancy at the alert level to keep alerts isolated? Is such support available in the latest version of OpenSearch?

@kris any idea on this?

@jimishs @praveensameneni - would you or someone from the team be able to provide guidance on this? Thank you.
