graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

Custom default Reader role

Open malinkinsa opened this issue 3 years ago • 0 comments

At this moment, user with default Reader role can watch input info and other information about clusters.

On input page, for example in kafka custom config, they can found sensitive data

It would be nice to be able to remove the ability to access a number of pages for a role Reader.

Reader permissions scope:

"clusterconfigentry:read",
"indexercluster:read",
"messagecount:read",
"journal:read",
"messages:analyze",
"inputs:read",
"metrics:read",
"fieldnames:read",
"buffers:read",
"system:read",
"jvmstats:read",
"decorators:read",
"throughput:read",
"messages:read"

Your Environment

  • Graylog Version: 4.3.5
  • Elasticsearch Version: 7.10
  • MongoDB Version: 4

malinkinsa avatar Sep 07 '22 09:09 malinkinsa