
Reader role gives user access to system related information via System menu

Open rivethead opened this issue 6 years ago • 3 comments

When a user is allocated to the Reader role, system information is available to the user via the System menu.

Expected Behavior

When assigning the Reader role to a user, the expectation is that the user will not have access to the System menu and system information.

Current Behavior

When assigning a user to the Reader role, the user has access to the System menu and info about the cluster and its configuration.

Possible Solution

A potential solution to the problem is to have a role to define a user that only needs to see messages in their allocated streams, with no access to system related information.

Steps to Reproduce (for bugs)

  1. Create a user
  2. Assign the user to the Reader role
  3. Log in as the new user
  4. The user has access to the System menu and system related information

Context

We are hosting a Graylog server which is used by multiple components as a centralized logging solution. An external company is hosting a system inside of our cluster, and is also writing messages to Graylog. We want to ensure the external company only has access to messages written by their application and no access to our own messages.

To achieve this we have set up a stream filtering based on the application parameter, and it works brilliantly.

However, when creating a new user for the external company and assigning the Reader role to the user, the external company's user has access to the System menu which is showing information about the installation we would rather not make publicly available.

In a perfect world, the external user will only have access to the Streams, Alerts, and Dashboards menu and not the System menu at all.

Your Environment

  • Graylog Version: 2.4.0+2115a42
  • Elasticsearch Version: Version: 5.6.5, Build: 6a37571/2017-12-04T07:50:10.466Z, JVM: 1.8.0_162
  • MongoDB Version: db version v2.6.10
  • Operating System: Ubuntu 16.04.3 LTS
  • Browser version: Chrome

rivethead, Apr 11 '18 07:04

Any news about this issue?

klingsor83, Aug 23 '18 11:08

Same expected behavior here. Are there any plans for adjusting the Reader role in the future?

msu-ts, Jan 18 '19 07:01

Same expected behavior here in Graylog version 4.3.4 =(

Can you change back to create Roles without System Permission Views? Or correct this.

chalfling, Aug 08 '22 13:08