Guys,
I need to share stream on graylog with multiple users. I want to use rest API for that.
The users already exist in my graylog, the problem is only associate the user with the stream.
Learning the API-Browser, I didn’t find how to work that
I followed the step:
Create the permission for user
API /users
JSON '{"permissions": [ "streams:read:602ad48eec1ab24c865cd285"]}'
share permission on entities
API /authz/shares/entities/{entityGRN}
entityGRN = grn::::stream:602afd2296ca933d41b20709
JSON '{ "selected_grantee_capabilities": { "grn::::stream:602afd2296ca933d41b20709": view"}}'
after, when I check the API /authz/shares/user/{userId}, to see the entities permission. And nothing work. look
"context": {
"grantee_capabilities": {}
}
But, when I try again the entities permission, I receive this message:
Your first step is not necessary. Required step is to only assign permission to stream for user, your step two
You use wrong parameter in step two. You use ID of stream and not ID user. Correct format for JSON: {"selected_grantee_capabilities":{"grn::::user:USER_ID":"view"}}
USER_ID should be ID of user, and not stream ID.
Complete example using curl: curl 'http://172.28.128.15/api/authz/shares/entities/grn::::stream:STREAM_ID' -H 'Accept: application/json' -H 'Authorization: Basic BASE64' -H 'Content-Type: application/json' --data-raw '{"selected_grantee_capabilities":{"grn::::user:USER_ID":"view"}}'
Use your selected authentication for API: user name, password, token or session token.
If you want to share stream with multiple user you need to specify all users in API: {"selected_grantee_capabilities":{"grn::::user:USER1_ID":"view","grn::::user:USER2_ID":"view"}}
If you want to only add new user, you can use API /api/authz/shares/entities/grn::::stream:STREAM_ID/prepare with request {} and use it to return already assigned permissions for other users. Then use it as input, concatenate with new NEW_USER_ID using jq:
