Sidecars Access Limitation

PaulHalliwell · February 6, 2020, 8:12pm

Hi guys,

I’m trying to create a role that limits users to administer sidecars and API tokens without opening up the ability to modify the entire Graylog config.

I’ve been successful in limiting access with a custom role, but can’t get the Sidecars button to appear in the system menu. If a user with the role navigates to server.domain:9000/system/sidecars they actually get the sidecars options and can fully edit the sidecars, push configs, create new API keys etc.

However, for the life of me I can’t get the actual Sidecars button to appear. I resorted to granting read access to pretty much everything listed when I dumped out the granular permissions but the button still doesn’t appear.

Here’s what I’ve granted so far

'{"read_only": false,"permissions":["authentication:read",
"users:tokencreate",
"users:tokenlist",
"users:list",
"users:tokenremove",
"users:read",
"roles:read",
"sidecars:update", 
"sidecars:create", 
"sidecars:read",
"sidecars:delete",
"sidecar_collectors:update",
"sidecar_collectors:read",
"sidecar_collectors:create",
"sidecar_collectors:delete",
"sidecar_collector_configurations:read",
"sidecar_collector_configurations:update",
"sidecar_collector_configurations:create",
"sidecar_collector_configurations:delete",
"collectors:read", 
"messages:analyze", 
"extendedsearch:use",
"searches:absolute",
"searches:keyword",
"searches:relative",
"system:read",
"inputs:read",
"sources:read",
"loggers:read",
"deflector:read",
"inputs:read",
"catalog:list",
"eventnotifications:read",
"indexercluster:read",
"throughput:read",
"loggersmessages:read",
"fieldnames:read",
"buffers:read",
"node:read",
"decorators:read",
"processing:read",
"messages:read",
"stream_outputs:read",
"notifications:read",
"eventdefinitions:read",
"indexranges:read"],
"name": "Sidecar Administrator","description": "Permission to administer Sidecar nodes and API keys"}'

Does anyone have any idea if there’s a dependant permission or level of access that I’ve not granted that the Sidecars menu is reliant on before it appears in the System menu?

Thanks in advance,
Paul

jan · February 9, 2020, 12:23pm

he @PaulHalliwell

do you mind to open a bug report over at https://github.com/Graylog2/graylog2-server/issues

This looks like one to me.

PaulHalliwell · February 17, 2020, 8:05am

@jan Sure thing.

I’ll open one this morning.

system · March 2, 2020, 8:05am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I can't figure out permisions for sidecars API Graylog Central (peer support) sidecar	7	475	February 10, 2022
How to secure graylog? Graylog Central (peer support) sidecar	6	502	December 31, 2019
Graylog Sidecar Best Practices? Graylog Central (peer support) sidecar	1	379	December 21, 2019
Sidecars Overview Display Settings Graylog Central (peer support) sidecar	7	328	January 30, 2023
Graylog 3.0 Sidecar Graylog Central (peer support) sidecar	4	1383	February 28, 2019

Sidecars Access Limitation

Related Topics