Custom Roles and Right

Hi !

I’m wondering if it’s possible to give special rights to a user via a custom role.
I know we can give access to existing streams and dashboards but for some specific user(s), we want to let them create streams or manage extractors on an input.

Thanks for your help.

As far I understand the Docs, it’s not possible. And makes sense to me, because you can go deep to the system with setup a stream.

you can create custom roles via API, like described:

http://docs.graylog.org/en/3.1/pages/faq.html#how-can-i-create-a-restricted-user-to-check-internal-graylog-metrics-in-my-monitoring-system

All available permissions can be retrieved via API [GRAYLOG]/api/system/permissions

But, you can’t restrict them for only a named input, or I’m wrong?

in the way it was original ask. Because extractors are part of the input - you can only give someone the ability to create and manage inputs but not one specific only.

Streams are standalone. It would be able for someone with the ability to create streams to gain access to data he should not get access too because he just give a stream rule that makes this visible to him.

The decision tree is not based on the way messages are ingested, it is based on the elements in Graylog.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.