Is there a way to force an API account to only have access to scrape log messages for a given stream(s)?
I have a requirement to give a customer API access to a stream of data I have created. What I don’t want to do is allow them to search for log messages outside of this stream. We would prefer to have the customer scrape data rather than forward via a stream output to avoid data duplication.
Is there a way to achieve this natively in Graylog? I know that you can scrape messages for a stream like this, it would be nice if we could lock down the account so that they had to supply a filter for every search request.
This should be possible by giving the user account access to these streams and nothing else.
Normal “Reader” users shouldn’t be able to use the search without a given stream ID.
If that’s possible, it’s a bug and you should create a bug report at Issues · Graylog2/graylog2-server · GitHub with all necessary information (e. g. which roles and permissions you gave to the user account).
