How to enable multi-tenancy
Tenants in the ThreatLockDown dashboard are spaces for saving index patterns, visualizations, dashboards, and other objects. Tenants are useful for safely sharing your work with other users. You can control which roles have access to a tenant and whether those roles have read or write access. By default, all ThreatLockDown dashboard users have access to two independent tenants:
Global: This tenant is shared between every ThreatLockDown dashboard user.
Private: This tenant is exclusive to each user and can’t be shared. You can’t use it to access routes or index patterns made by the user’s global tenant.
Configuration
To enable multi-tenancy, follow the instructions below.
Edit the /etc/wazuh-dashboard/opensearch_dashboards.yml configuration file and make the following changes:
Set the opensearch_security.multitenancy.enabled setting to true.
Add the following line:
opensearch_security.multitenancy.tenants.preferred: ["Global", "Private"]
This setting lets you change ordering in the Tenants tab of the ThreatLockDown dashboard. By default, the list starts with global and private (if enabled) and then proceeds alphabetically. You can add tenants here to move them to the top of the list.
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Global", "Private"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
Additionally, you can edit the uiSettings.overrides.defaultRoute to set a default tenant, for example, global, each time a user logs in.
uiSettings.overrides.defaultRoute: /app/wz-home?security_tenant=global
Restart the ThreatLockDown dashboard so the changes take effect. Use the command that matches your init system:
Systemd:
# systemctl restart wazuh-dashboard
SysV init:
# service wazuh-dashboard restart
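An added example, not part of the original documentation: a shell check that can be run before the restart to confirm the multi-tenancy settings above are actually present and not commented out. The function names and the sample file are assumptions made for illustration, and the parser assumes flat "key: value" lines as shown on this page.

```shell
#!/bin/sh
# Added example: pre-restart check of the multi-tenancy settings from this page.
# Assumption: settings are flat "key: value" lines, as shown on this page.

# Print the value of a flat key, skipping commented-out lines.
# If the key appears more than once, the last occurrence is printed.
get_setting() {   # $1 = file, $2 = key
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = val
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 when the required settings are present, 1 otherwise, 2 if unreadable.
check_multitenancy_config() {   # $1 = path to opensearch_dashboards.yml
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    enabled=$(get_setting "$1" opensearch_security.multitenancy.enabled)
    [ "$enabled" = "true" ] || {
        echo "FAIL: multitenancy.enabled is '${enabled:-unset}', expected true"; rc=1; }
    case $(get_setting "$1" opensearch.requestHeadersAllowlist) in
        *securitytenant*) ;;
        *) echo "FAIL: securitytenant is not in opensearch.requestHeadersAllowlist"; rc=1 ;;
    esac
    [ -n "$(get_setting "$1" opensearch_security.multitenancy.tenants.preferred)" ] ||
        echo "NOTE: tenants.preferred not set, default tenant ordering applies"
    return $rc
}

# Constructed sample, not a real deployment file: tenant header missing.
sample=$(mktemp)
printf '%s\n' 'opensearch.requestHeadersAllowlist: ["Authorization"]' \
    'opensearch_security.multitenancy.enabled: true' > "$sample"
check_multitenancy_config "$sample" || echo "sample config rejected"
rm -f "$sample"
```

On a real host, call check_multitenancy_config /etc/wazuh-dashboard/opensearch_dashboards.yml and restart only when it returns 0.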