Graylog permissions for specific inputs

Hello!
Is it possible to edit role permissions (trough API) in such a way that specific Role, for example “Test_Test_Role” has permissions for reading/editing Input “Test_Test_Input” AND only that specific Input?

For example this does not work:

{
“name”: “Test_Test_Role”,
“description”: “…”,
“permissions”: [
“clusterconfigentry:read”,
“indexercluster:read”,
“messagecount:read”,
“journal:read”,
“searches:absolute”,
“searches:keyword”,
“searches:relative”,
“inputs:read:Test_Test_Input”, <================
“inputs:edit:Test_Test_Input”, <================
“metrics:read”,
“savedsearches:edit”,
“fieldnames:read”,
“collectors:read”,
“collectors:delete”,
“collectors:edit”,
“collectors:create”,
“buffers:read”,
“system:read”,
“savedsearches:create”,
“jvmstats:read”,
“throughput:read”,
“savedsearches:read”,
“messages:read”,
“streams:create”,
“streams:edit:",
"streams:read:
”,
“dashboards:create”,
“dashboards:edit:",
"dashboards:read:

],
“read_only”: false
}

Alright I found the solution :slight_smile:

On your machine with Graylog :

curl -XGET -u ADMIN:PASSWORD ‘http://your.graylog.api:9000/api/system/inputs?pretty=true’ | grep id

Find ID of the Input you are interested in, copy it and instead of using input name (as seen in Graylog web) use that ID in permissions:

“inputs:read:5ba0f98356a3a56e75ce17c7”,
“inputs:edit:5ba0f98356a3a56e75ce17c7”,

I guess it works the same way with dashboards, streams, alerts etc.

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.