Access controls
Cloud.gov Logs uses OpenSearch in a multi-tenant configuration that enforces strict isolation of customer data.
Access controls are designed to ensure users can only view logs and dashboards that correspond to their platform organization and space access.
Document access
Each log or metric is stored as a document in OpenSearch.
When Cloud.gov ingests these documents, it tags them with metadata:
| Field | Purpose |
|---|---|
@cf.org | Organization name where the log originated |
@cf.space | Space name where the log originated |
@cf.org_id, @cf.space_id | Platform-unique identifiers |
These identifiers are used to enforce document-level access through OpenSearch’s Document Level Security (DLS) feature.
What this means is that users can only see documents that match the organizations and spaces that they can access on the platform.
Dashboard objects: Tenant-based access
When you log in to Cloud.gov Logs:
- You are prompted to select a tenant.
- Each tenant maps to a platform organization that you can access.
- Saved searches, visualizations, and dashboards are stored inside that tenant.
Because tenants are scoped to organizations, no data or dashboard objects are shared across organizations by default.
Saved objects per tenant
Objects stored under your tenant include:
- Saved queries
- Dashboards
- Visualizations
Only users with access to the same platform organization can view or modify these items.