Edit Extractor Permissions


(Bashere1) #1

I’m have attempted to create a Power user type role though the API, but am having difficulties locating the proper permissions for allowing a power user to edit extractors. I’ve already tried to set the following permissions with no luck. I should add that create and delete work, but edit always redirect the user back to streams overview page.

{
     "name": "Power",
     "description": "Grants Power User permissions",
     "permissions": [
       "dashboards:read:*",
       "dashboards:edit:*",
       "dashboards:create",
       "inputs:read:*",
       "inputs:edit:*",
       "inputs:terminate:*",
       "inputs:create",
       "stream_outputs:create::*",
       "stream_outputs:edit::*",
       "stream_outputs:terminate::*",
       "stream_outputs:read::*",
       "sources::read::*",
       "indexranges::read::*",
       "indexranges::rebuild::*",
       "indexercluster::read::*",
       "indexsets::read::*",
       "indexsets::create::*",
       "indexsets::edit::*",
       "pipeline::create::*",
       "pipeline::read::*",
       "pipeline::delete::*",
       "pipeline::edit::*",
       "indicies::changestate::*",
       "indicies::delete::*",
       "indicies::failures::*",
       "indicies::read::*",
       "decorators::create::*",
       "decorators::read::*",
       "decorators::edit::*",
       "stream_outputs::delete::*",
       "stream_outputs::read::*",
       "stream_outputs::create::*"
     ],
     "read_only": false
   }

(Jochen) #2

The required permission is inputs:edit:<input-id>:

Are there any error messages in the console of your web browser or in the logs of your Graylog node(s), if a user with the “Power” role tries editing an input?


(Bashere1) #3

Shouldn’t the wildcard on (“inputs:edit:*”) work to allow permission then? It’s getting a 403 on the following url, but no errors in the graylog log.

https://mygraylogserver.com/api/search/universal/relative?query=gl2_source_input%3A58ee78e8dd5e93d0889137e3%20OR%20gl2_source_radio_input%3A58ee78e8dd5e93d0889137e3&limit=1


(Bashere1) #4

I think I’m making this harder then it really is. I’ve tried every combination I can think of and it seems like using the wildcard is hit or miss on applying permissions. I’ll try to provide some examples. None of the settings besides #1 even get close. I’m not understanding how the “*” works when applying permissions.

  1. This is the only configuration that actually shows and will allow you to at-least see the drop down link (system/inputs) and extractors on /system/inputs/58ee78e8dd5e93d0889137e3/extractors". This is the config that gets the 403 when clicking on the edit button.
    {
    “name”: “test”,
    “description”: “test”,
    “permissions”: [
    “streams:read:58ee87e3dd5e93de9f7903cd”,
    “streams:edit:58ee87e3dd5e93de9f7903cd”,
    “streams:read:58ffbbb2aaf7115ddb9cbd85”,
    “streams:edit:58ffbbb2aaf7115ddb9cbd85”,
    “inputs:edit:",
    "inputs:terminate:
    ”,
    “inputs:read:",
    "inputs:create:

    ],
    “read_only”: false
    }

  2. Does not show the edit button /system/inputs
    "inputs::",

  3. Does not show the edit button /system/inputs

    “inputs:*”,

  4. Does not show the edit button under /system/inputs
    "inputs:edit",
    “inputs:terminate”,
    “inputs:read*”,
    “inputs:create”

"inputs:edit:58ee78e8dd5e93d0889137e3:a038d190-2ec6-11e7-810c-005056aa48f1",
"inputs:read:58ee78e8dd5e93d0889137e3:a038d190-2ec6-11e7-810c-005056aa48f1",
"inputs:edit:58ee78e8dd5e93d0889137e3:*",
"inputs:read:58ee78e8dd5e93d0889137e3:*",

(Tobias) #5

Hello,
I’d like to take that up again.
I think there’s a bug here.
I have a role with rights like
"inputs: create: *",
“inputs: edit: *”,
“inputs: read: *”,
“extractor: create.”
“extractor: delete.”
“extractor_order: update”,
“extractor: update”,
I can see the extractors, but when I go to Edit, the NotFound page appears.
Have tried several combinations, but without success.

I would have liked to be able to create and edit the extractors.
However, without modifying or creating inputs.
If I remove inputs: create, you can’t create pipelines anymore.
Am I doing it a little wrong, or is it a bug?

thank you
Tobias