Search Guard FLX 2.0.0

Release Date: 2024-05-15

If you’re upgrading to SG FLX 2.0.0, please review the upgrade guide. This version introduces backwards-incompatible changes.


Please make sure to read the documentation for upgrading to Search Guard FLX 2.0.0

BREAKING: Multi-Tenancy has been reimplemented

Search Guard no longer maintains separate indices for each tenant. Instead, when multi-tenancy is enabled, it modifies saved objects on the storage level. The IDs of saved objects are extended with the tenant ID, and a new attribute sg_tenant is added to each saved object, which contains the tenant ID. Search Guard modifies all saved objects except those belonging to the Global tenant.

BREAKING: The Kibana Multi-Tenancy configuration has moved to the backend plugin

The Multi-Tenancy configuration has been moved from the Kibana plugin to the Elasticsearch plugin, and will need to be removed from kibana.yml. Instead, some of the settings are now available in sg_frontend_multi_tenancy.yml. Some settings have been removed, including support for the private tenant. This applies to the settings prefixed searchguard.multitenancy.:

Setting Status Corresponding setting in sg_frontend_multi_tenancy.yml
enabled moved enabled
tenants.enable_global moved global_tenant_enabled
tenants.enable_private removed  
tenants.preferred moved preferred_tenants
show_roles removed  
enable_filter removed  
saved_objects_migration.* removed  
debug still available  

BREAKING: Support for Private tenants have been removed

Private tenants are no longer supported.

You can still use the Global tenant and define an arbitrary number of additional tenants in sg_tenants.yml.

BREAKING: Permissions required to authorize users to access the Kibana user interface have been changed

If Multi-Tenancy is disabled, then the following roles SGS_KIBANA_USER, SGS_KIBANA_USER_NO_GLOBAL_TENANT and SGS_KIBANA_USER_NO_DEFAULT_TENANT are insufficient for a user to access the Kibana user interface. The role SGS_KIBANA_USER_NO_MT should be used instead. For more details, please see Search Guard 2.0.0 Upgrade Guide.

Bug Fixes

Signals: Could not delete an alert from the execution history

Deleting an alert from the watch execution history returned an error.