we’ve tested by creating a separate datasource for each organisation. We then manipulated the headers on the msearch queries on the client and forged a different index name in the query. We were not pleased to see that it was passed nicely to Elasticsearch by Grafana and we accessed data meant for a different organisation.
I was under the impression that Grafana does protect the datasource of an org but obviosly this is not the case?
We’re running 4.6.3.
Could you verify this please?