Restrict write access on global tenant

I’m using OpenDistro 1.13.2

Is it possible to actually restrict write access to global tenant? In one use-case, I have multiple teams (each one working on their dedicated tenant) and while I want them to be able to read viz/dashboards in global tenant, I don’t want them to be able to create viz/dashboards there, not even on their respective index patterns.

If I am not mistaken, the default kibana_user role is actually providing access to global tenant (through providing access to the relevant kibana indices). I have played with it and the permissions it gives but haven’t really managed anything.

If you have any ideas please let me know. Thanks a lot in advance.

@spapadop This can be achieved by adding a new role to the users which has the required permissions to the global tenant and custom tenants, as per below:

The permissions to the individual indices can be added to the same role.
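
A role of the kind described in the answer above, written as Open Distro security plugin configuration. This is an added example, not the answerer's own configuration; the role name `team_a_kibana`, the tenant `team_a`, the index pattern `team-a-*` and the user `alice` are hypothetical.

```yaml
# roles.yml
# Hypothetical names: team_a_kibana (role), team_a (tenant), team-a-* (indices).
team_a_kibana:
  reserved: false
  tenant_permissions:
    # Global tenant: saved objects (visualizations, dashboards, index
    # patterns) can be opened but not created or modified.
    - tenant_patterns:
        - "global_tenant"
      allowed_actions:
        - "kibana_all_read"
    # The team's own tenant: read and write on saved objects.
    - tenant_patterns:
        - "team_a"
      allowed_actions:
        - "kibana_all_write"
  index_permissions:
    # Data access for the team's indices, kept in the same role.
    - index_patterns:
        - "team-a-*"
      allowed_actions:
        - "read"
---
# roles_mapping.yml
# Assumption: the user is not also mapped to another role that grants
# kibana_all_write on global_tenant. Permissions from all mapped roles are
# combined, so one such mapping would restore write access.
team_a_kibana:
  reserved: false
  users:
    - "alice"   # constructed sample user
```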

Thanks, that was simple :)