Prevent API based searches without a filter


(Thomas Cuthbert) #1

Is there a way to force an API account to only have access to scrape log messages for a given stream(s)?

I have a requirement to give a customer API access to a stream of data I have created. What I don’t want to do is allow them to search for log messages outside of this stream. We would prefer to have the customer scrape data rather than forward via a stream output to avoid data duplication.

Is there a way to achieve this natively in Graylog? I know that you can scrape messages for a stream like this, it would be nice if we could lock down the account so that they had to supply a filter for every search request.


(Jochen) #2

This should be possible by giving the user account access to these streams and nothing else.

Normal “Reader” users shouldn’t be able to use the search without a given stream ID.

If that’s possible, it’s a bug and you should create a bug report at https://github.com/Graylog2/graylog2-server/issues with all necessary information (e. g. which roles and permissions you gave to the user account).


(Thomas Cuthbert) #3

No bug, I assumed I had to give the API “search” privileges when in fact they should have only had stream.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.