graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

Handle deleted streams in dependent dashboards

Open ryan-carroll-graylog opened this issue 1 year ago • 2 comments

If a dashboard is scoped to a stream and then that stream is deleted, the dashboard still references the deleted streams ID. image This causes issues for shared entities when for instance the dashboard and stream have been shared with another user, the shared too user can no longer view the dashboard due to missing permissions for the deleted stream. See https://github.com/Graylog2/support/issues/38 for customer issue related to this.

Additionally it is unknown how this affects search results.

Expected Behavior

  • A user should be able to view entities shared with them if all existing dependent entities have also been shared with them.
  • Deleted streams should probably be removed from dependent entities.

Current Behavior

See description.

Possible Solution

  • Remove deleted streams from dashboards, possibly utilizing the StreamDeletedEvent event bus event. Or
  • Update permissions checks to ignore deleted entities.

Steps to Reproduce (for bugs)

  1. Create a new stream and create a new dashboard which uses this new stream

  2. Create a new user, give this user access to the dashboard and stream created on step 1.

  3. Delete the stream

  4. Now the user cannot use the dashboard image

  5. Trying to change the permissions to the dashboard as admin does not work due to unknown dependencies (i.e. the missing stream) screenshots attached bellow image image

Context

Your Environment

Happens currently in all tested GL versions (6.1 and below)

Customer Environment Graylog Version: Graylog 5.2.6+5296b15

ryan-carroll-graylog avatar Jun 06 '24 13:06 ryan-carroll-graylog

Hi @ryan-carroll-graylog! Thanks a lot for a detailed description.

AFAIK, when you delete the stream, the old messages in the search engine still contain deleted stream ID. Because of that, the search/dashboard should work as it did before the stream deletion, which should be an answer to your question - Additionally it is unknown how this affects search results.

My personal opinion is that both proposed solutions to this problem have some flaws.

It might have been very important that a stream was hidden behind certain permission. If you remove the permission check, someone may see old data from that deleted stream, which they should not be able to do.

The stream might have been important for a dashboard. If you remove it automatically, the whole dashboard may lose its meaning.

So IMHO it should be a decision of an admin (that can see all streams anyway) and his manual job to solve this problem, by removing a dashboard if it has no sense after stream deletion, removing the stream if the dashboard can live without it, recreating the deleted stream if it was important...

It may be a per-case decision, different each time.

But it is only my opinion, maybe we should bring @Graylog2/architecture to the discussion?

luk-kaminski avatar Sep 04 '24 08:09 luk-kaminski

So IMHO it should be a decision of an admin (that can see all streams anyway) and his manual job to solve this problem, by removing a dashboard if it has no sense after stream deletion, removing the stream if the dashboard can live without it, recreating the deleted stream if it was important...

It may be a per-case decision, different each time.

But it is only my opinion, maybe we should bring @Graylog2/architecture to the discussion?

These are all very good points so I can definitely see the merit in leaving the resolution to an admin instead of us trying to guess the intended behavior.

I have no real preference and my main intent was just to convey the customer issue in https://github.com/Graylog2/support/issues/38, but @BBruce-Graylog and @StefanTheGerman may have an opinion on this.

ryan-carroll-graylog avatar Sep 04 '24 15:09 ryan-carroll-graylog

Maybe it would be enough to rework the error that is presented and still have access to the dashboard in question without the data, and whether it's meaningful or not doesn't matter at this point, I would say.

StefanTheGerman avatar Jan 03 '25 13:01 StefanTheGerman

@kmerz @Emy-01 Any update on the status of this issue?

Do we need to invest more time in looking for a solution or is this simply a case where (as Dennis suggested in the support issue) we believe the system is working as intended and a GL admin should make the decision of whether or not to remove the deleted stream from the shared dashboard?

https://github.com/Graylog2/support/issues/38

waab76 avatar Jan 03 '25 14:01 waab76

@dennisoelkers let's mark this use case as 'working as expected'. Admins should make the decision to remove the dashboard in case the stream is removed.

Emy-01 avatar Mar 24 '25 12:03 Emy-01