September 17, 2020, 12:26pm
I’m running Graylog 3.2 and Elasticsearch 6.8.
As admin I can save, edit and delete all of my searches, but regular (RO) users are prevented to delete their own.
“INFO [RestResource] Not authorized to access resource id <5f48ba91a1b183c912c632ec>. User is missing permission
I’ve tried to create a specific role
“name”: “Edit saved searches”,
“description”: “Permission to edit saved searches”,
but it doesn’t help and it’s not shown in the list of available roles.
I would really appreciate your hints.
September 18, 2020, 12:47pm
By default role Reader have permission to create/read/edit saved search, but it’s not enought to delete.
Try to create role with permission
view: delete using API:
"name": "Delete saved searches",
"description": "Permission to delete saved searches",
curl -i -X POST -u admin:pass -H ‘Content-Type: application/json’ -H ‘X-Requested-By: cli’ ‘ http://172.28.128.4:9000/api/roles’ -d @role-delete-saved-search.json
September 21, 2020, 10:35am
thank you for the hint.
I’ve run however what you’ve suggested but, despite the command has been successfully completed, the role is not enlisted among the available ones; not in the http://logger01:9000/system/authentication/roles and not even in the http://logger01:9000/api/roles.
What do you think I’m missing?
September 21, 2020, 10:40am
Check for error code after add role through api using curl, it should return error (also HTTP code other than 2XX) if something go wrong. I tested posted example in 3.3.5 and works fine for me, I can see role in web interface and also api.
September 23, 2020, 8:43am
Thank you shoothub,
I’ll update the version of Graylog.
October 7, 2020, 8:43am
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.