New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roles Permissions #4254

Closed
TenGbps opened this Issue Oct 17, 2017 · 2 comments

Comments

Projects
None yet
3 participants
@TenGbps

TenGbps commented Oct 17, 2017

User with roles edit on specific id can edit all roles

Permissions

        "roles:edit:59e........1a43", 
        "roles:edit:59e........1a44", 

roles

  • Graylog Version: 2.3.1
  • Elasticsearch Version: 5.5.1
  • MongoDB Version: 2.6.12
  • Operating System: CentOS7
  • Browser version: Firefox ESR 52.4

@bernd bernd added this to the 2.4.0 milestone Oct 17, 2017

@joschi

This comment has been minimized.

Contributor

joschi commented Oct 18, 2017

@TenGbps What are the complete permissions of the user?

You can fetch them with the following command (replace "your-user-name" with the actual user name and adapt the host and port to your Graylog setup):

# curl -u admin:password 'http://127.0.0.1:9000/api/users/your-user-name?pretty=true'

@joschi joschi self-assigned this Oct 18, 2017

@joschi joschi added needs-input and removed to-verify labels Oct 18, 2017

@TenGbps

This comment has been minimized.

TenGbps commented Oct 18, 2017

"permissions": [
    "users:edit:test",
    "users:passwordchange:test",
    "clusterconfigentry:read",
    "indexercluster:read",
    "messagecount:read",
    "journal:read",
    "messages:analyze",
    "inputs:read",
    "metrics:read",
    "savedsearches:edit",
    "fieldnames:read",
    "buffers:read",
    "system:read",
    "savedsearches:create",
    "jvmstats:read",
    "decorators:read",
    "throughput:read",
    "savedsearches:read",
    "messages:read",
    "roles:edit:59e5....",
    "indexranges:rebuild",
    "inputs:edit:59db....",
    "dashboards:read:59c3....",
    "indexsets:read:59c3....",
    "roles:read",
    "inputs:terminate:59db....",
    "indices:failures:59c3....",
    "streams:read:59e5c....",
    "indexranges:read",
    "roles:edit:59e5....",
    "indices:read",
    "inputs:read:59d....",
    "dashboards:edit:59c...."
  ],

Permission for role are not based on id ?

@joschi joschi added web and removed needs-input labels Oct 18, 2017

@wafflebot wafflebot bot added the in progress label Oct 18, 2017

@wafflebot wafflebot bot removed the in progress label Oct 19, 2017

joschi added a commit that referenced this issue Oct 19, 2017

Fix permission handling for editing/deleting roles (#4265) (#4270)
* Fix permission checks in RoleResource
* Conditionally display buttons in RoleList component

Fixes #4254
Refs #4265
(cherry picked from commit 5c38d3a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment