Graylog v2.2.3 RHEL6 64-bit
I’m trying to remove as much access to the admin section of Graylog as a I can, while enabling users to create their own decorators using pipelines, but not allowing them to connect a pipeline to a stream. I have modified the Reader role to the following permissions:
"permissions" : [
"buffers:read",
"clusterconfigentry:read",
"decorators:read",
"fieldnames:read",
"indexercluster:read",
"journal:read",
"messagecount:read",
"messages:analyze",
"messages:read",
"metrics:read",
"savedsearches:create",
"savedsearches:edit",
"savedsearches:read",
"system:read",
"throughput:read"
]
This is mostly what I’m looking for. For users that need to create pipelines as decorators only, I have another role with the following permissions:
"pipeline:create",
"pipeline:read",
"pipeline:edit",
"pipeline:delete",
"pipeline_rule:create",
"pipeline_rule:read",
"pipeline_rule:edit",
"pipeline_rule:delete",
"pipeline_connection:read"
However, the Pipelines menu item is still hidden and if I manually navigate to /system/pipelines, I get redirected back to the home page. I added the last line for read only to connections as I was getting a 403 error when manually navigating.
Is there something I’m missing?
Thanks!