Multi-tenancy in Search with OpenSearch
Learn about using multi-tenancy with OpenSearch.
OCI Search with OpenSearch supports the multi-tenancy OpenSearch feature. Tenants are spaces to save index patterns, visualizations, and other OpenSearch Dashboards objects, which enables you to share them with other OpenSearch Dashboards users.
The following tenants are available by default:
- Private: Specific to the user, and can't be shared.
- Global: Shared with all OpenSearch Dashboard users, however the user's role must be granted access to the global tenant.
You can also create additional tenants, and grant roles read or read/write access to those tenants.
For more information, see OpenSearch Dashboards multi-tenancy.
Enabling Multi-Tenancy in Search with OpenSearch
To use the multi-tenancy feature in Search with OpenSearch, the security mode for the cluster must be set to enforcing. For more information about how to check this setting, and update if necessary, see Verify Security Mode and Updating Cluster Security Mode to Enforcing.
Multi-tenancy should be enabled by default for new clusters. You can check if multi-tenancy is enabled for your cluster by making a get request with the Configuration API:
GET _plugins/_security/api/securityconfigThe following response example shows the relevant part of the response for determining if
the multi-tenancy feature is enabled, specifically the multitenancy_enabled
attribute in the kibana element.
{
"config" : {
"dynamic" : {
"filtered_alias_mode" : "warn",
"disable_rest_auth" : false,
"disable_intertransport_auth" : false,
"respect_request_indices_options" : false,
"kibana" : {
"multitenancy_enabled" : false,
"server_username" : "kibanaserver",
"index" : ".kibana"
},
<additional securityconfig response returned for GET request>...If you need to enable multi-tenancy, use a put request with the Configuration API to update the setting, as shown in the following example:
PUT _plugins/_security/api/securityconfig/config
{
"dynamic": {
"security_mode": "ENFORCING",
"kibana": {
"multitenancy_enabled": true,
"server_username": "kibanaserver",
"index": ".kibana_1"
},
<additional securityconfig details for PUT request>...Using Multi-Tenancy in Search with OpenSearch
After you've confirmed that the multi-tenancy feature is enabled for your cluster, you can do the following:
Create a tenant. You must have admin permissions to create a new tenant.
Give roles access to tenants. In addition to doing this for any custom tenants you create, you also need to do this for the global tenant. You can grant roles read access or read/write access to tenants.
Switching Tenants
To switch tenants when you're logged into OpenSearch Dashboards:
- Click the icon for your account in the top menu.
- Click Switch tenants. If you can't select the tenant you want to access, check that your user account is assigned to a role that has permissions to that tenant.