last year I installed a Graylog cluster in our organization and it works great .
We recently opened Graylog for other departments who would like to create and edit alarms for their own needs. Currently, they want to create alarms so when a certain application is throwing an error the responsible team and only that team receives an e-mail. Since all notifications of a stream are triggert if only one condition is true a new stream per application is required. So in order to meet their requirements we would have to give them create/edit/read permissions on streams and alerts, but we cannot do that since it would give all users access to all messages by defining a stream rule like “source = *” (departments are not allowed to see logs with sensible information). I also noticed that in order to create alarm conditions/notifications the user requires edit permissions on the stream the alarm is bound to.
I know that with the current version of Graylog, giving users edit permissions on streams allows full access to all messages, but is there a way to allow the users to create and edit alarms without giving them full access? Currently, they have to contact us every time when an alarm has to be created or modified, which happens quite often and is not a great user experiance .
Thank you all very much.