graylog-plugin-pipeline-processor icon indicating copy to clipboard operation
graylog-plugin-pipeline-processor copied to clipboard

Published 20 hours ago verified publisher icon Graylog2

Problem with read permissions per pipeline connection

Open valihanov opened this issue 7 years ago • 0 comments
trafficstars

Problem description

When I add read permission for particular Pipeline connection to role by REST API, user with that role isn't able to manage this Pipelines. Page http://<Graylog_node>:9000/system/pipelines isn't available. User get error:

Could not retrieve pipeline connections Fetching pipeline connections failed with status: cannot GET http://graylog:9000/api/plugins/org.graylog.plugins.pipelineprocessor/system/pipelines/connections (403)

Steps to reproduce the problem

  1. Create Stream, Pipeline. Connect them.
  2. Create role with full permission for created Stream, Pipeline and read permission for their Pipeline connection, but without permission to read all Pipeline rules. Created role must contain line like this in the permission list:

"pipeline_connection:read:<Pipeline_connection_id>",

And this role shouldn't contain line:

"pipeline_connection:read",

  1. Add user to created role
  2. Try to open page http://<Graylog_node>:9000/system/pipelines by created user

Environment

  • Graylog Version: v2.4.6+ceaa7e4
  • Pipeline Processor plugin version: 2.4.6
  • Elasticsearch Version: 5.6.10
  • MongoDB Version: v3.6.6
  • Operating System: Debian 9
  • Browser version: Chrome 69

valihanov avatar Oct 16 '18 17:10 valihanov