Want to configure multi tenants in opensearch dashboard

gopal · March 22, 2024, 6:56am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

2.6.0

Describe the issue:
created role with cluster_composite_ops_ro and indices_monitor
Tenant- star
not able to use dashboards in new tenants.

Configuration:

Relevant Logs or Screenshots:

Mantas · March 22, 2024, 10:43am

Hi @gopal,

Is there an error message? Would you mind elaborating on “not able to use dashboards in new tenants”?
Could you share your opensearch_dashboards.yml ?

Thanks,
mj

raman004 · March 25, 2024, 7:15pm

review the log file for any error or warning which can provide information about the cause of the issue.

gopal · March 27, 2024, 7:23am

@timestamp":“2024-03-27T07:13:50Z”,“tags”:[“error”,“opensearch”,“data”],“pid”:1,“message”:“[security_exception]: no permissions for [indices:data/read/search] and User [name=GOPALD, backend_roles=[STAR-TENANT, ACCESS_ALL_API], requestedTenant=]”}

Tenant configured on opensearch, its working if use as local account however getting above error while using with openid integrated environment.

gopal · March 27, 2024, 7:28am

Below is the opensearch_dashboards.yml

server:
name: dashboards
host: 0.0.0.0
opensearch.username: “kibanaserver”
opensearch.password: “kibanaserver”
opensearch_security.cookie.secure: false
opensearch.ssl.verificationMode: none
opensearch_security.auth.type: “openid”
opensearch_security.openid.connect_url: “https://.well-known/openid-configuration”
opensearch_security.openid.client_id: “kibana”
opensearch_security.openid.client_secret:
opensearch_security.openid.base_redirect_url: “”
logging.verbose: false
opensearch.ssl.certificateAuthorities: /usr/share/opensearch-dashboards/certs/rootca.pem
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [“Global”, “Private”, “Star_Alliance”]
opensearch_security.readonly_mode.roles: [“kibana_read_only”]
opensearch_security.openid.verify_hostnames: “false”
opensearch_security.openid.root_ca: /usr/share/opensearch-dashboards/certs/rootca.pem
opensearch.requestHeadersAllowlist: [“securitytenant”,“Authorization”]
opensearch_security.multitenancy.enable_filter: false

Mantas · March 28, 2024, 3:50pm

Hi @gopal,

What IdP are you using, keycloak?

Could you share your config.yml file as well?

Thanks,
mj

Mantas · March 28, 2024, 3:57pm

Are the backend roles above mapped to any OpenSearh roles in your roles_mapping.yml or UI?

Could you share the output of GET _plugins/_security/api/rolesmapping ?

Thanks,
mj

Topic		Replies	Views
Multi tenancy in Opensearch Security discuss , troubleshoot , index-management	1	520	January 27, 2023
Issue with Multi-Tenancy and Tenant-specific Dashboard saving in Opensearch Dashboards Security	3	259	February 29, 2024
Roles and permissions - view dashboards Security	8	440	June 4, 2024
Read only role on multitenant Opensearch Dashboards OpenSearch Dashboards	4	21	October 31, 2024
Multitenancy not separating visualizations OpenSearch Dashboards troubleshoot	8	322	December 5, 2023

Want to configure multi tenants in opensearch dashboard

Related topics