Hi guys,
I’m trying to create a role that limits users to administer sidecars and API tokens without opening up the ability to modify the entire Graylog config.
I’ve been successful in limiting access with a custom role, but can’t get the Sidecars button to appear in the system menu. If a user with the role navigates to server.domain:9000/system/sidecars they actually get the sidecars options and can fully edit the sidecars, push configs, create new API keys etc.
However, for the life of me I can’t get the actual Sidecars button to appear. I resorted to granting read access to pretty much everything listed when I dumped out the granular permissions but the button still doesn’t appear.
Here’s what I’ve granted so far
'{"read_only": false,"permissions":["authentication:read",
"users:tokencreate",
"users:tokenlist",
"users:list",
"users:tokenremove",
"users:read",
"roles:read",
"sidecars:update",
"sidecars:create",
"sidecars:read",
"sidecars:delete",
"sidecar_collectors:update",
"sidecar_collectors:read",
"sidecar_collectors:create",
"sidecar_collectors:delete",
"sidecar_collector_configurations:read",
"sidecar_collector_configurations:update",
"sidecar_collector_configurations:create",
"sidecar_collector_configurations:delete",
"collectors:read",
"messages:analyze",
"extendedsearch:use",
"searches:absolute",
"searches:keyword",
"searches:relative",
"system:read",
"inputs:read",
"sources:read",
"loggers:read",
"deflector:read",
"inputs:read",
"catalog:list",
"eventnotifications:read",
"indexercluster:read",
"throughput:read",
"loggersmessages:read",
"fieldnames:read",
"buffers:read",
"node:read",
"decorators:read",
"processing:read",
"messages:read",
"stream_outputs:read",
"notifications:read",
"eventdefinitions:read",
"indexranges:read"],
"name": "Sidecar Administrator","description": "Permission to administer Sidecar nodes and API keys"}'
Does anyone have any idea if there’s a dependant permission or level of access that I’ve not granted that the Sidecars menu is reliant on before it appears in the System menu?
Thanks in advance,
Paul