Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roles Permissions #4254

Closed
TenGbps opened this issue Oct 17, 2017 · 2 comments
Closed

Roles Permissions #4254

TenGbps opened this issue Oct 17, 2017 · 2 comments
Assignees
Labels
Milestone

Comments

@TenGbps
Copy link

@TenGbps TenGbps commented Oct 17, 2017

User with roles edit on specific id can edit all roles

Permissions

        "roles:edit:59e........1a43", 
        "roles:edit:59e........1a44", 

roles

  • Graylog Version: 2.3.1
  • Elasticsearch Version: 5.5.1
  • MongoDB Version: 2.6.12
  • Operating System: CentOS7
  • Browser version: Firefox ESR 52.4
@bernd bernd added this to the 2.4.0 milestone Oct 17, 2017
@joschi
Copy link
Contributor

@joschi joschi commented Oct 18, 2017

@TenGbps What are the complete permissions of the user?

You can fetch them with the following command (replace "your-user-name" with the actual user name and adapt the host and port to your Graylog setup):

# curl -u admin:password 'http://127.0.0.1:9000/api/users/your-user-name?pretty=true'
@joschi joschi self-assigned this Oct 18, 2017
@joschi joschi added needs-input and removed to-verify labels Oct 18, 2017
@TenGbps
Copy link
Author

@TenGbps TenGbps commented Oct 18, 2017

"permissions": [
    "users:edit:test",
    "users:passwordchange:test",
    "clusterconfigentry:read",
    "indexercluster:read",
    "messagecount:read",
    "journal:read",
    "messages:analyze",
    "inputs:read",
    "metrics:read",
    "savedsearches:edit",
    "fieldnames:read",
    "buffers:read",
    "system:read",
    "savedsearches:create",
    "jvmstats:read",
    "decorators:read",
    "throughput:read",
    "savedsearches:read",
    "messages:read",
    "roles:edit:59e5....",
    "indexranges:rebuild",
    "inputs:edit:59db....",
    "dashboards:read:59c3....",
    "indexsets:read:59c3....",
    "roles:read",
    "inputs:terminate:59db....",
    "indices:failures:59c3....",
    "streams:read:59e5c....",
    "indexranges:read",
    "roles:edit:59e5....",
    "indices:read",
    "inputs:read:59d....",
    "dashboards:edit:59c...."
  ],

Permission for role are not based on id ?

@joschi joschi added web and removed needs-input labels Oct 18, 2017
@ghost ghost added the in progress label Oct 18, 2017
@ghost ghost removed the in progress label Oct 19, 2017
joschi added a commit that referenced this issue Oct 19, 2017
* Fix permission checks in RoleResource
* Conditionally display buttons in RoleList component

Fixes #4254
Refs #4265
(cherry picked from commit 5c38d3a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants