I’m not sure if anyone else has run into this caveat (or maybe I’m the only one), but a pointer into the right direction would be very much appreciated!
I’ve created a few user (read-only) accounts, set to view specific streams and/or dashboards, and what I’m running into is that each of these users have access to the System / Input menu, being able to see all inputs, ports and especially input names on the whole system, thus giving them “sensitive” information as to who and what else is on the system.
Even though my understanding from reading the docs is that there’s no easy workaround for this (or workaround at all), this thread got me thinking after having a look at creating users through the REST API, but I can’t seem to find a way to tweak this.
I’ve read and reread that specific message in the thread a few times now (it’s still ringing in my head), but I honestly can’t seem to figure out how that can be applied when creating a new role under System > Authentication > Roles, there’s no further options for this.
I can see the inputs:read permission is set for the users when I launch a query through the REST API, but I’m unsure if it’s possible (or even how) to create a role through the REST API, without the inputs:read part.
I think where I’m really stuck is with the fact that any user we create, has to have either the Reader or Admin roles assigned to it (as mandatory), and that’s where the “inputs:read” config takes place, amonst others.
those two roles are the only pre-created. With the reader role we can say “a user can use the basics” but you can always define your own role and assign only that to the user …
… you might need then to adjust the rights, but that is totally safe to do.