I’m trying to list some stuff using the API, specifically the /sidecars/all endpoint.
If I use curl with a token for an administrator user it works fine but I don’t want to give my automation so much power just to list something.
I tried all the available roles and besides administrator none grants my user permissions to view sidecars.
I also tried using a token from the “Sidecar System User (built-in)” which I already thought had too much power just for viewing but surprisingly it’s still not authorized:
{"type":"ApiError","message":"Not authorized"}
I know my request is correct because I get the proper json list if I use a token from the admin user.
TL;DR can I GET /api/sidecars/all with anything less than admin privileges?
FWIW I tried with 4.2.2 and the latest (as of now) 4.2.5. Running the official docker with mongo 4.2 and elastic 7.10.2
We might be able to help you but could you explain in greater detail what you’re doing or trying to accomplish?
I kind of understand but I’m not too sure. What I understand is you want to use the Graylog API and you need to use a UserName/Password, but you don’t want to use credentials? Is this correct?
I’m trying to do a GET /api/sidecars/all. Until now the only credentials that are allowed are the admin ones (either user/pass or token). What I want is to create a user with less privileges than admin to use for this API call.
I tried creating a new user and started granting roles one by one but the only role that allowed the user to do GET on /api/sidecars/all is admin.
I also tried using the “Sidecar System User (built-in)” user but again it doesn’t have enough permissions.
Is it possible to read this API from a user with less privileges than admin?
I logged in with user “test”, navigated to System/Nodes and clicked on “API browser”. I was able to read and execute GET /API’s using my user called “test” credentials. Depending on your installation you can use AD to sync permissions/groups but this would require Enterprise edition but it’s free under 5GB/day.
Just tested this out and I have the same results. If I’m reading this correctly, I would assume that having the sidecar role would allow that a user should see and configure sidecars.