I am trying to find a way to provide Kibana to multiple users and isolate them all within their own data silos.
We will be providing a dashboard (written in .Net) that will allow users to manage their accounts and platform configurations - most-likely all written to an ES index.
I would also like to give each user their own Kibana dashboard - most-likely provided through an IFrame, or offer Kibana menu items in our dashboard then the Kibana screen in an IFrame. Open to options on this.
All requests would go through this dashboard - application abstraction layer - so no direct access to ES or Kibana.
The issue would be authentication. I realize that we can use index/document-level authorization through X-Pack. However what if we modified the Kibana code so that the request pipeline included one or more optional user ID parameters/object (maybe _user.metadata hash, index name, etc.). If present it would be added to the ES query, there-by isolating the results to and only for that user/account.
One suggestion was to create isolated Kibana instances with Docker containers - not an option for this multi-tenant platform.