Permissions Issue


#1

Graylog v2.2.3 RHEL6 64-bit

I’m trying to remove as much access to the admin section of Graylog as a I can, while enabling users to create their own decorators using pipelines, but not allowing them to connect a pipeline to a stream. I have modified the Reader role to the following permissions:

"permissions" : [
	"buffers:read", 
	"clusterconfigentry:read",
	"decorators:read", 
	"fieldnames:read", 
	"indexercluster:read", 
	"journal:read", 
	"messagecount:read", 
	"messages:analyze", 
	"messages:read", 
	"metrics:read", 
	"savedsearches:create", 
	"savedsearches:edit", 
	"savedsearches:read", 
	"system:read",
	"throughput:read"
]

This is mostly what I’m looking for. For users that need to create pipelines as decorators only, I have another role with the following permissions:

"pipeline:create",
"pipeline:read",
"pipeline:edit",
"pipeline:delete",
"pipeline_rule:create",
"pipeline_rule:read",
"pipeline_rule:edit",
"pipeline_rule:delete",
"pipeline_connection:read"

However, the Pipelines menu item is still hidden and if I manually navigate to /system/pipelines, I get redirected back to the home page. I added the last line for read only to connections as I was getting a 403 error when manually navigating.

Is there something I’m missing?

Thanks!


#2

Should I open up an Issue in GitHub for this?


(Jochen) #3

Yes, please open an issue on GitHub.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.