My company is a ReadonlyREST Enterprise subscriber.
In a multitenancy kibana configuration based on ldap groups, where each team uses its tenancy kibana secured by an ldap group managed by the team itself.
Is there a simple method to give one or more other teams (other AD group) the possibility of accessing all tenancy?
I am looking for the possibility of giving access to all tenancy to cross-functional teams such as support teams.
Hello @erms77,
The answer is… Maybe! Show me your ACL to see if it’s feasible.
Are you using dynamic varibles inside kibana_index rule to define tenancies dynamically with LDAP groups?
No at the moment we do not use dynamic variables in the construction of our RoR configuration.
(Our RoR configuration is generated by ansible)
Below is a concise example of our conf (in reality we have about 100 tenancies)
What we would like to do is allow a third team (example group AD_GROUP_USER3_MAIN) to access the other two tenancy without having to add them to the AD group of the other two.
Yes, 1.28.2 is ancient. The wildcards were not there in the username configurations.
By the way, we are about to release an even further improved groups mapping feature. There will be documentations and examples in our docs website as well, I will link to this thread once it’s ready.
So what I would do, is wait a day or two, upgrade to 1.35.0 and go with the above suggested configuration (or a refined version of it, once taken in consideration the coming improvements).