This is an older version of Search Guard. Switch to Latest version
Signals is fully compatible with Search Guard multi tenancy. To use multi tenancy with Signals, make sure it is enabled in sg_config.yml first:
sg_config: dynamic: do_not_fail_on_forbidden: true kibana: multitenancy_enabled: true
How it works
Signals multi tenancy works very similar to Kibana multi tenancy.
By using multi tenancy, you can separate the management and execution of watches by tenant:
- Watches in one tenant will not be accessible for users in another tenant.
- Execution of watches in one tenant will not interfere with execution of watches in another tenant.
sg_signals_multitenancy: cluster_permissions: ... index_permissions: ... tenant_permissions: - tenant_patterns: - 'tenant_1' allowed_actions: - 'SGS_SIGNALS_WATCH_MANAGE' - tenant_patterns: - 'tenant_2' allowed_actions: - 'SGS_SIGNALS_READ'
In the example above, a user with the
sg_signals_multitenancy role has
manage permissions for watches in
read only permissions for watches in
Watch execution in multi tenancy mode
When watches are executed in multi tenancy mode, a thread pool is created for each tenant. This means that execution of watches in one tenant will not interfere with execution of watches in other tenants.