I’m have attempted to create a Power user type role though the API, but am having difficulties locating the proper permissions for allowing a power user to edit extractors. I’ve already tried to set the following permissions with no luck. I should add that create and delete work, but edit always redirect the user back to streams overview page.
The required permission is inputs:edit:<input-id>:
Are there any error messages in the console of your web browser or in the logs of your Graylog node(s), if a user with the “Power” role tries editing an input?
I think I’m making this harder then it really is. I’ve tried every combination I can think of and it seems like using the wildcard is hit or miss on applying permissions. I’ll try to provide some examples. None of the settings besides #1 even get close. I’m not understanding how the “*” works when applying permissions.
This is the only configuration that actually shows and will allow you to at-least see the drop down link (system/inputs) and extractors on /system/inputs/58ee78e8dd5e93d0889137e3/extractors". This is the config that gets the 403 when clicking on the edit button.
{
“name”: “test”,
“description”: “test”,
“permissions”: [
“streams:read:58ee87e3dd5e93de9f7903cd”,
“streams:edit:58ee87e3dd5e93de9f7903cd”,
“streams:read:58ffbbb2aaf7115ddb9cbd85”,
“streams:edit:58ffbbb2aaf7115ddb9cbd85”,
“inputs:edit:",
"inputs:terminate:”,
“inputs:read:",
"inputs:create:”
],
“read_only”: false
}
Does not show the edit button /system/inputs
"inputs::",
Does not show the edit button /system/inputs
“inputs:*”,
Does not show the edit button under /system/inputs
"inputs:edit",
“inputs:terminate”,
“inputs:read*”,
“inputs:create”
Hello,
I’d like to take that up again.
I think there’s a bug here.
I have a role with rights like
"inputs: create: *",
“inputs: edit: *”,
“inputs: read: *”,
“extractor: create.”
“extractor: delete.”
“extractor_order: update”,
“extractor: update”,
I can see the extractors, but when I go to Edit, the NotFound page appears.
Have tried several combinations, but without success.
I would have liked to be able to create and edit the extractors.
However, without modifying or creating inputs.
If I remove inputs: create, you can’t create pipelines anymore.
Am I doing it a little wrong, or is it a bug?