User with stream edit permission able to get all log messages

juey90 · November 7, 2017, 3:39pm

Hi,

while playing around with stream permissions, i found out that it is possible for a user with editing permission (e.g. “permissions”: [ “streams:edit:xxxxxxxxxxxxxxxxxxxxxxxxxxx” ]) on a particular stream to create either the “always match” rule or build a tautology using “field exists” in kombination with OR (field “source” exists OR field “source” not exists), using a catch-all regex rule, etc. Isn´t this undermining the security concept to allow non-admin user to see every log message ? I would welcome at least a hint or information in the doc for users planing a security concept in graylog.

Versions used: graylog 2.3.1, elasticsearch 5.5.2, Oracle jre 1.8.0_144, mongodb 3.4.7, all on Ubuntu 16.04 LTS.

jochen · November 7, 2017, 11:45pm

If you’re allowing a user to edit a stream (which means editing stream rules), what do you expect to happen?

In other words: No, that’s not undermining the security concept of Graylog. Just don’t give your users permissions to edit stuff they shouldn’t edit.

system · November 21, 2017, 11:45pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
A question about stream functionality (rules, permissions) Graylog Central (peer support)	4	415	April 24, 2020
Allow non-admin user to see all input logs Graylog Central (peer support)	5	1863	April 22, 2019
Allowing users to edit streams/alerts without giving them access to all messages Graylog Central (peer support)	5	1646	February 14, 2019
Stream ruels security question Graylog Central (peer support)	4	603	October 2, 2017
Stream Permissions Graylog Central (peer support)	4	1868	August 10, 2022

User with stream edit permission able to get all log messages

Related topics