Skip to content

/ graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Roles Permissions #4254

Closed
TenGbps opened this issue Oct 17, 2017 · 2 comments
Closed

Roles Permissions #4254

TenGbps opened this issue Oct 17, 2017 · 2 comments
Assignees
@joschi
Labels
bug security web
Milestone
2.4.0

Comments

@TenGbps
Copy link

@TenGbps TenGbps commented Oct 17, 2017

User with roles edit on specific id can edit all roles

Permissions

        "roles:edit:59e........1a43", 
        "roles:edit:59e........1a44",

roles

  • Graylog Version: 2.3.1
  • Elasticsearch Version: 5.5.1
  • MongoDB Version: 2.6.12
  • Operating System: CentOS7
  • Browser version: Firefox ESR 52.4
@bernd bernd added this to the 2.4.0 milestone Oct 17, 2017
@joschi
Copy link
Contributor

@joschi joschi commented Oct 18, 2017
edited

@TenGbps What are the complete permissions of the user?

You can fetch them with the following command (replace "your-user-name" with the actual user name and adapt the host and port to your Graylog setup):

# curl -u admin:password 'http://127.0.0.1:9000/api/users/your-user-name?pretty=true'
@joschi joschi self-assigned this Oct 18, 2017
@joschi joschi added needs-input and removed to-verify labels Oct 18, 2017
@TenGbps
Copy link
Author

@TenGbps TenGbps commented Oct 18, 2017
edited 

"permissions": [
    "users:edit:test",
    "users:passwordchange:test",
    "clusterconfigentry:read",
    "indexercluster:read",
    "messagecount:read",
    "journal:read",
    "messages:analyze",
    "inputs:read",
    "metrics:read",
    "savedsearches:edit",
    "fieldnames:read",
    "buffers:read",
    "system:read",
    "savedsearches:create",
    "jvmstats:read",
    "decorators:read",
    "throughput:read",
    "savedsearches:read",
    "messages:read",
    "roles:edit:59e5....",
    "indexranges:rebuild",
    "inputs:edit:59db....",
    "dashboards:read:59c3....",
    "indexsets:read:59c3....",
    "roles:read",
    "inputs:terminate:59db....",
    "indices:failures:59c3....",
    "streams:read:59e5c....",
    "indexranges:read",
    "roles:edit:59e5....",
    "indices:read",
    "inputs:read:59d....",
    "dashboards:edit:59c...."
  ],

Permission for role are not based on id ?
@joschi joschi added web and removed needs-input labels Oct 18, 2017
@joschi joschi mentioned this issue Oct 18, 2017
Merged
@ghost ghost added the in progress label Oct 18, 2017
@ghost ghost removed the in progress label Oct 19, 2017
@kroepke kroepke mentioned this issue Oct 19, 2017
Merged
joschi added a commit that referenced this issue Oct 19, 2017
@kroepke @joschi
Fix permission handling for editing/deleting roles (#4265) (#4270)
Loading status checks…
5917767 
* Fix permission checks in RoleResource
* Conditionally display buttons in RoleList component

Fixes #4254
Refs #4265
(cherry picked from commit 5c38d3a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joschi joschi

Labels
bug security web
Projects
None yet
Milestone
2.4.0
Linked pull requests

Successfully merging a pull request may close this issue.

Fix permission handling for editing/deleting roles
3 participants
@bernd @joschi @TenGbps