Short url in kibana 8

driveirk · May 20, 2026, 10:44am

ROR Version: 1.69.1_es8.19.15

Kibana Version: 8.19.15

Elasticsearch Version: 8.19.15

Steps to reproduce the issue
Create short url in kibana

**Expected result:
short url

host/s/default/app/r/s/uP4M9

Actual Result:
long url

host/s/default/app/r/s/uP4M9?tenancy=U2FsdGVkX1%2Fr3jYX%2BVbx6gXvH2Nwm8Oiu6OJqgBk0ORHttaapa52Gz8zOLRSfDEogHJ8XDcAc5pblNjkSLaypGv9HBLivAL9a6t0dkOWmmE%3D

Is it possible to prevent Tenancy from being added to the short URL?

If I make a short URL from a lower level to a higher level,
rw user => Unrestricted user
I get an error.

but short url works
host/s/default/app/r/s/D8CZB

{“customer_id”: “6c4a385b-2ae8-4f02-a9cd-ef24addfb5b3”, “subscription_id”: “32d4073f-dc2f-4056-a868-842727c637cd”}

Dzuming · May 20, 2026, 11:41am

Hello,

Currently, the only way is to manually remove the tenancy context from the short URL, as you describe. We are similar to Kibana spaces here, where the context of the selected space is sent in the short URL.

One question: do RW users have a group configured, and an unrestricted user doesn’t have this group in a configuration, or is it a different case?

driveirk · May 20, 2026, 3:12pm

ror example:

- name: "admin"
  type: allow
  ldap_authentication:
    name: "ldap"
  ldap_authorization:
      name: "ldap"
      groups: \["Admin"\]
  kibana_access: unrestricted

- name: "elevated"
  type: allow
  ldap_authentication:
    name: "ldap"
  ldap_authorization:
    name: "ldap"
    groups: \["elevated"\]
  kibana_access: rw

- name: "basic user"
  type: allow
  ldap_authentication:
    name: "ldap"
  kibana_access: rw

Short links created under the “basic user” cannot be opened by other users.
But if the “basic user” first opens admin short link, then he will have my tenancy in the url and at that moment all the links created by the basic user will work.