Hello all,
A quick question regarding parameter substitution.
We would like to have it available for tenants (for the moment, my understanding is that it is only available for index permissions as well as dls : Users and Roles - Open Distro Documentation).
The idea would be that this user :
new-user:
hash: "*************"
reserved: false
hidden: false
opendistro_security_roles:
- "role-tenant1"
attributes:
attribute1: "tenant1"
static: false
Would only have access to the tenant tenant1 if the role role-tenant1 was defined like this :
role-tenant1:
reserved: false
hidden: false
cluster_permissions:
- "read"
- "cluster:monitor/nodes/stats"
- "cluster:monitor/task/get"
tenant_permissions:
- tenant_patterns:
- ${attr.internal.attribute1}
allowed_actions:
- "kibana_all_write"
static: false
_meta:
type: "roles"
config_version: 2
I did not find anything on the roadmap yet or any feature request regarding this, do you think this would be an interesting FR (or even PR) ?
Thanks in advance.
Christophe.