Questions regarding Enterprise (Permissions, Archiving)

(Zero) #1

Hi!
I’ve been wondering about buying the Enterprise for a long time and I’ve got some questions about it.

Is it possible to give permissions on Views for specific streams?
For example:

I want LDAP Group A, with role “A” to be able to only use Views with Stream “Group A Stream” and I want another LDAP Group B with role “B” to be able to only use Views with Stream “Group B Stream”.

It is required by my company’s security that people are not able to see all data stored in Graylog but some specific portions of it (financial company so this is a must-have).

Is it possible to give API permissions for searching on specific streams?

As far as I used Graylog I saw that a role has to have permissions for “SEARCH” category but “SEARCH” is literally searching in all data, not on specific streams. Like in the above example I can’t allow people to search through everything that is stored in my Graylog/Elasticsearch, only their portions of it.
So, is it possible to give API permissions to roles allowing them to search data through Graylog’s API (automated testing for example) but ONLY from specific streams?

Can I point archiving directory into an NFS mounted filesystem (from an objective storage, I know it sucks …)?

We tried closing Elasticsearch indices on such a mounted filesystem but it sucks reaaaally bad, objective storage is slow as hell and storing indices in there was not a problem but opening them was a … well, random events occurred which almost every time resulted in losing our data (and it impacted Elasticsearch cluster heavily).
So my question in general means: Can I just store those pretty Graylog archives on such a mounted filesystem and then restore them without much of a fuss?
As far as I understood those archives are plaintext so it shouldn’t be a problem even if the “backend” is slow and I shouldn’t lose those archives either because I can try to reindex them as many times as I want to, right?

That would be it! Permissions and archiving are the deal breaker for my project.

P.S. Also, I’ve run into some problems with sorting (ASC / DESC) fields that are of type LONG but when I change the Elasticsearch mapping for them into INTEGER they are sorting just fine - Graylog 3.0.1, I’ll probably create another topic for that stuff tho :slight_smile:

0 Likes

(Ben van Staveren) #2

I am unsure about the Enterprise bits, but you can already assign specific search permissions for people based on which streams they’re allowed to see (e.g. also means they’re allowed to search those streams).

1 Like

(Zero) #3

Oh, could you give me an example JSON file with such API search permissions for let’s say stream “TEST_GRAYLOG”? It seems I’m too stupid because all I saw was

"searches:relative","searches:absolute","searches:keyword"

which are giving the search option to search in ALL data, not specific streams :confused:

0 Likes

(Ben van Staveren) #4

It’s based on the roles you assign to a user through the web interface - if you grant a user (or role, rather) permission to read a stream, that same user can search in the stream as well.

1 Like

(Zero) #5

Alright thanks a lot!

Now I’ll wait for the answers about Views and Archiving

0 Likes

(Jan Doberstein) #6

Permissions

As already pointed out by @benvanstaveren, the permissions are given on a per-stream basis. You can search in the streams you have access to.

Archive

The archives can be stored on any locally mounted path - no matter what backs that up. But if it is slow that might have some influence on the complete system …

1 Like
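An added example, not part of any post in this thread and not Graylog's own code: a small audit that checks exported role definitions for grants that reach beyond the streams a role is meant to read, including the `searches:*` permissions quoted in post #3, which the thread describes as searching all data. It assumes Shiro-style permission strings of the form `streams:read:<stream id>` and role objects with `name` and `permissions` fields; the stream IDs and the allow-list are constructed.

```python
# Added example (not Graylog code): audit role definitions for grants that
# expose more than the streams a role is supposed to read.
# Assumption: Shiro-style "domain:action:instance" permission strings.

GLOBAL_SEARCH = {"searches:relative", "searches:absolute", "searches:keyword"}


def audit_role(role, allowed_streams):
    """Return a sorted list of (permission, reason) findings for one role."""
    findings = []
    for perm in role.get("permissions", []):
        parts = perm.split(":")
        domain = parts[0]
        actions = parts[1].split(",") if len(parts) > 1 else ["*"]
        instances = parts[2].split(",") if len(parts) > 2 else ["*"]
        if domain == "*":
            findings.append((perm, "wildcard grants every permission"))
        elif perm in GLOBAL_SEARCH or (domain == "searches" and "*" in actions):
            findings.append((perm, "search across all data, not per stream"))
        elif domain == "streams" and ("read" in actions or "*" in actions):
            if "*" in instances:
                findings.append((perm, "read access to every stream"))
            for sid in instances:
                if sid != "*" and sid not in allowed_streams:
                    findings.append((perm, "stream %s is outside the allow-list" % sid))
    return sorted(findings)


# Constructed sample data: role names follow the thread, stream IDs are made up.
STREAM_A = "aaaaaaaaaaaaaaaaaaaaaaaa"
STREAM_B = "bbbbbbbbbbbbbbbbbbbbbbbb"
ROLES = [
    {"name": "A", "permissions": ["streams:read:" + STREAM_A]},
    {"name": "B", "permissions": ["streams:read:" + STREAM_B, "searches:relative"]},
    {"name": "C", "permissions": ["streams:read:" + STREAM_A + "," + STREAM_B]},
]
ALLOWED = {"A": {STREAM_A}, "B": {STREAM_B}, "C": {STREAM_A}}


def audit_all(roles=ROLES, allowed=ALLOWED):
    """Map role name -> findings; an empty list means the role is stream-scoped."""
    return {r["name"]: audit_role(r, allowed.get(r["name"], set())) for r in roles}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```

Running the same check after every role or LDAP group-mapping change catches a broad grant that slips in alongside an otherwise stream-scoped role.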