Elastic SIEM for MSSP

For indices, I think that should be taken care of by index privilege. Each client will have their own user with only privileges to the indices storing their logs.

However, I'm not sure how to handle the Detections tab, as it only mentions privileges on .siem-signals- . My reading of the docs is that all signals will be stored in a single index, which means a client will probably be able to see signals from other clients.
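An added example, not part of the original post: a small Python check over role definitions shaped like Elasticsearch role bodies, flagging any client role that can read an index holding another client's data, such as a shared signals index. The tenant names, index names and index-to-owner map are constructed assumptions, and `*` wildcards are matched with `fnmatch` as an approximation of Elasticsearch's index pattern matching.

```python
from fnmatch import fnmatchcase

# Constructed sample data (assumptions, not taken from a real cluster).
# Maps each index to the set of clients whose data it holds.
INDEX_OWNERS = {
    "logs-client-a-000001": {"client-a"},
    "logs-client-b-000001": {"client-b"},
    ".siem-signals-default": {"client-a", "client-b"},  # shared signals index
}

# Role bodies in the shape of Elasticsearch role definitions ("indices" grants).
ROLES = {
    "client-a": {"indices": [
        {"names": ["logs-client-a-*"], "privileges": ["read"]},
        {"names": [".siem-signals-*"], "privileges": ["read"]},
    ]},
    "client-b": {"indices": [
        {"names": ["logs-client-b-*"], "privileges": ["read"]},
    ]},
}

READ_PRIVS = {"read", "all"}  # index privileges that allow reading documents


def readable_indices(role):
    """Return the known indices this role can read."""
    hits = set()
    for grant in role["indices"]:
        if not READ_PRIVS & set(grant["privileges"]):
            continue
        for index in INDEX_OWNERS:
            if any(fnmatchcase(index, pat) for pat in grant["names"]):
                hits.add(index)
    return hits


def cross_tenant_exposure(roles):
    """Return {client: {index: [other clients whose data is readable]}}."""
    findings = {}
    for client, role in roles.items():
        for index in sorted(readable_indices(role)):
            others = INDEX_OWNERS[index] - {client}
            if others:
                findings.setdefault(client, {})[index] = sorted(others)
    return findings


if __name__ == "__main__":
    print(cross_tenant_exposure(ROLES))
```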