graylog-plugin-pipeline-processor icon indicating copy to clipboard operation
graylog-plugin-pipeline-processor copied to clipboard
verified publisher icon Graylog2

Problem with read permissions per pipeline rule

Open valihanov opened this issue 7 years ago • 0 comments

Problem description

When I add read permission for particular Pipeline rule to role by REST API, user with that role isn't able to manage this Pipeline rule. Page http://<Graylog_node>:9000/system/pipelines/rules isn't available. User get error

Could not retrieve processing rules Fetching rules failed with status: cannot GET http://<Graylog_node>:9000/api/plugins/org.graylog.plugins.pipelineprocessor/system/pipelines/rule (403)

Steps to reproduce the problem

  1. Make sure you have at least one Pipeline rule
  2. Create role with read permission for one Pipeline rule and without permission to read all Pipeline rules. Created role must contain line like this in the permission list:

"pipeline_rule:read:<Pipeline_rule_ID>",

And this role shouldn't contain line:

"pipeline_rule:read",

  1. Add user to created role
  2. Try to open page http://<Graylog_node>:9000/system/pipelines/rules by created user

Environment

  • Graylog Version: v2.4.6+ceaa7e4
  • Pipeline Processor plugin version: 2.4.6
  • Elasticsearch Version: 5.6.10
  • MongoDB Version: v3.6.6
  • Operating System: Debian 9
  • Browser version: Chrome 69

valihanov avatar Oct 16 '18 16:10 valihanov