Read-Only users cannot delete saved searches

Dear Community,
I’m running Graylog 3.2 and Elasticsearch 6.8.
As admin I can save, edit and delete all of my searches, but regular (RO) users are prevented to delete their own.

“INFO [RestResource] Not authorized to access resource id <5f48ba91a1b183c912c632ec>. User is missing permission view:delete:5f48ba91a1b183c912c632ec

I’ve tried to create a specific role

“name”: “Edit saved searches”,
“description”: “Permission to edit saved searches”,
“permissions”: [
“read_only”: false

but it doesn’t help and it’s not shown in the list of available roles.

I would really appreciate your hints.

Kind regards

By default role Reader have permission to create/read/edit saved search, but it’s not enought to delete.
Try to create role with permission view: delete using API:

Create file: role-delete-saved-search.json

  "name": "Delete saved searches",
  "description": "Permission to delete saved searches",
  "permissions": [
  "read_only": "false"

Run command:
curl -i -X POST -u admin:pass -H ‘Content-Type: application/json’ -H ‘X-Requested-By: cli’ ‘’ -d @role-delete-saved-search.json

Hello shoothub,

thank you for the hint.
I’ve run however what you’ve suggested but, despite the command has been successfully completed, the role is not enlisted among the available ones; not in the http://logger01:9000/system/authentication/roles and not even in the http://logger01:9000/api/roles.

What do you think I’m missing?

Kind regards

Check for error code after add role through api using curl, it should return error (also HTTP code other than 2XX) if something go wrong. I tested posted example in 3.3.5 and works fine for me, I can see role in web interface and also api.

Thank you shoothub,
I’ll update the version of Graylog.

Kind regards

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.