Hi,
We are using Graylog for a lot of different users. Everyone have only the permission for a few source-systems and their logfiles.
We have a lot of streams and everyone have one or more “Owner” or “Manager”.
The problem is now, that the owner of a stream can edit the rules and add what ever he want. For example “source - contains - example.com”. Then the stream conains every log of every System.
Can we edit the permissions for the streams, that they can still share it, but not edit the rules?
Hi,
Yeah of course.
The User Roles didnt work. If a user have only the reader role and I give him the Owner or Manager of a stream, the user can change everything in it. In the documentation it says: “Viewer rights mean you can use the entity, but not make any changes to them. Manager rights mean you can edit any aspect about them, including deleting them. Owner rights mean Manager rights, but on top of them, come with the ability to share the entity with additional users. This difference is to prevent privilege escalation: just because I have access to change a dashboard does not mean I should be able to share it with someone else.”
I need that for example manager can share the stream, but not change the rules in it.
Do I have other options there in the Enterprise Edition?
Only thing Enterprise Edition has is teams but as far as the streams go, I don’t see any way for a “Manager” Collaborator to be restricted from changing the rules on a stream.
Maybe someone else here knows HowTo or perhaps make a feature request for something like that here