User permissions by role: What does the default Reader grant access to exactly?


(Bronius Motekaitis) #1

Out of the box, Graylog comes with Admin and Reader roles with no way (that I see) of viewing what each does nor how to edit granular permissions. With a newly created user, I assign Reader, but when I sign in as this user, I don’t have access to any Dashboards, streams etc. The only way I see to grant access is to create a new Reader-ish role, assign all assets as Read, and then we should be off to the races.

What’s the purpose of Reader? Or better, how do I let Reader have access to #allthethings?

Note, I do get the message “Setting individual permissions is deprecated, please consider migrating to roles instead” on this new Graylog 2.3.2+3df951e instance which, as I understand it, was an issue closed out last year? On this vanilla install, I expect (and prefer) to be using the preferred Roles method.

Thanks
-Bronius


(Bronius Motekaitis) #2

I think @Quasy may have provided a definitive list of permissions that the out-of-the-box Reader role grants in this thread: Graylog Reader User

Still not sure how to provide strictly role-based permissions instead of tailoring each user stream-by-stream, feature-by-feature.


#3

One user can have several roles. For example, if one user needs access to AD logs and DHCP logs, but other users only one of them, you can assign that user two roles. Then adding log sources for AD people will add them to all who have that role, including those that have other roles, as well.
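The additive role behaviour described in the post above, sketched as an added example that is not part of the original post and is not Graylog's own code. It assumes permission strings of the form `type:action:id` matched with Apache Shiro wildcard semantics; the role names, the empty Reader grant set and all IDs are constructed sample values.

```python
# Added illustration: a simplified model of additive roles, not Graylog source.
# Permission strings use the "type:action:id" form (Shiro wildcard style).
# Role names and stream/dashboard IDs are constructed sample values.

def implies(granted: str, wanted: str) -> bool:
    """Return True if one granted permission string covers the wanted one."""
    g_parts = [set(p.split(",")) for p in granted.split(":")]
    w_parts = [set(p.split(",")) for p in wanted.split(":")]
    for i, w in enumerate(w_parts):
        if i >= len(g_parts):
            return True  # granted is shorter: the remaining parts are implied
        g = g_parts[i]
        if "*" not in g and not w <= g:
            return False
    # granted is longer than wanted: every extra part must be a wildcard
    return all("*" in g for g in g_parts[len(w_parts):])

ROLES = {
    # Assumption: modelled with no stream or dashboard grants, as the
    # original poster observed for a user holding only Reader.
    "Reader": set(),
    "AD Logs": {"streams:read:ad-stream-id"},
    "DHCP Logs": {"streams:read:dhcp-stream-id",
                  "dashboards:read:dhcp-dash-id"},
}

def effective_permissions(role_names):
    """A user's permissions are the union of all assigned roles' grants."""
    perms = set()
    for name in role_names:
        perms |= ROLES[name]
    return perms

def is_permitted(role_names, wanted):
    """Check one wanted permission against the union of the user's roles."""
    return any(implies(g, wanted) for g in effective_permissions(role_names))

def add_to_role(role, perm):
    """Granting on the role reaches every user who holds that role."""
    ROLES[role].add(perm)

if __name__ == "__main__":
    both = ["Reader", "AD Logs", "DHCP Logs"]
    ad_only = ["Reader", "AD Logs"]
    print(is_permitted(both, "streams:read:dhcp-stream-id"))     # True
    print(is_permitted(ad_only, "streams:read:dhcp-stream-id"))  # False
```

Auditing access in this model means reviewing the grants on each role once, rather than each user's individual permissions.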


(Bronius Motekaitis) #4

<strikethrough>That’s exactly how I expect it to work, but pls see my original post at the top of this thread.</strikethrough>

Hmmm… I see that now! Before, I did not see the extensive options at the bottom of the New Role interface. Must have been my oversight.

Thanks!
-Bronius

