1. Describe your incident:
I was launching my log center infraestructure, one of the things missing was having a role with less permissions for maintenance. But the problem begin when i configure a rol, with only “read” permissions and this role let me delete indexes.
By the way its a role i created with the API of graylog.
2. Describe your environment:
-
OS Information:Ubuntu 22.04 jammy
-
Package Version: graylog 6.0.12
-
Service logs, configurations, and environment variables:
Permisions of the role:
{
"name": "Sistemas",
"description": "Rol de mantenimiento de solo lectura.",
"permissions": [
"clusterconfigentry:read",
"indexercluster:read",
"dashboards:read",
"eventdefinitions:read",
"streams:read",
"messagecount:read",
"journal:read",
"messages:analyze",
"metrics:read",
"indexsets:read",
"indices:read",
"fieldnames:read",
"buffers:read",
"indexranges:read",
"system:read",
"notifications:read",
"jvmstats:read",
"decorators:read",
"throughput:read",
"messages:read",
"eventnotifications:read"
],
"read_only": false
}
3. What steps have you already taken to try and solve the problem?
I was trying to remove one of the diferents permisions of indexes like:
indexsets and indices
But it didn’t work, and if i remove one of them, i can`t see the indexes.
4. How can the community help?
I think this is a bug, tell if one of you pass trough this, and if you know tell how to solve. By the way i’m gonna wait for the answers, and if we go to the conclusion its a bug, im gonna post it in the issues part of graylog git hub.
Have a nice day 
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]