In the above, the user has admin access. In this case, the user is trying to access another index .tenants and he is getting 403 error. Why is he getting 403 error when he has admin access. Do we assume that indexes that start with dot are kibana indexes?
No, it’s because kibana_access: admin does not mean they can access all indices and all actions.
If you want that kind of privilege, just remove the kibana_access rule all together.
This was resulting in some unusual behavior. When the user logged into kibana UI, he was seeing some index patterns. In the meanwhile, we have tenant specific user with restrictive access and specific kibana index, who logged in via a SCRIPT to update his dashboards. In the meanwhile we refreshed the UI of the above logged user in the UI, it was showing index patterns of the user who logged in via the script.
Well, if you don’t specify their own kibana index, they will fall back to using “.kibana” or whatever is the default kibana index you configured in Kibana.
If you don’t configure a unique kibana index, the user will be associated to the default tenancy.