Limit Stream/Dashboard to Role

(Stewart Middleton) #1


Unless my memory is failing me, it used to be possible to define in a role, a specific Stream or Dashboard to use as the homepage for the role. This appeared to be a useful feature for limiting the available logs a role could access.

(Our use case is that it may not be appropriate for a sub class of users to have access to all the logs within the system)

I am in the process of implementing a new Graylog 2.4 installation, and I now cannot find this feature. I can limit which Streams/Dashboards a role can use, but not force either to be the homepage for the role.

Has it been removed? Did I dream that it was there originally? Is there any way to force access to only a subset of the total logs for a role?


(Jochen) #2

You can create a role with access to specific dashboards and streams on the System/Authentication/Roles page and assign it to a user on the System/Authentication/Users page.

Once you’ve logged in as the respective user, you can assign a stream as start page on the Streams page:

(Stewart Middleton) #3

Thanks for the reply. Whilst I am aware that this is possible, this does not quite meet what we are trying to achieve (and what I believe we previously could do).

In a regulated environment, we can be required to ensure that a given class of Graylog users can only access a limited portion of logs, from the total that are available.

I am sure it used to be the case that a given role could have a Stream or Role imposed as its homepage. Therefore when combined with LDAP group mappings, it would mean that a member of the given LDAP group would log in and only be able to see:

a) the contents of the stream that had been imposed as the homepage
b) any other streams/dashboards that the role had been granted access to, under the relevant menus
c) nothing else

I think the solution you suggest would mean that the role would have access to everything, but with the option for each user from the role to choose to limit their view.

(Jan Doberstein) #4

hej @stewart_cwn

what you want is possible with Graylog - what Jochen showed you is how the user can set a specific stream as his “startpage”.

Without that the user will see - after login - a list of streams he has access to and can select which stream he likes to see.

(Stewart Middleton) #5

Ah apologies - I misunderstood that distinction. It works great. Many thanks.

(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.