diff --git a/docs/api/index.md b/docs/api/index.md index 87ddf65a..4cdc901e 100644 --- a/docs/api/index.md +++ b/docs/api/index.md @@ -22,9 +22,9 @@ Make sure that you are sending the requests over HTTPS. 1. [Schema](stream/schema) 1. [Setting](stream/setting) 1. [Ingestion](ingestion/) - 1. [Bulk](ingestion/bulk) - 1. [Json](ingestion/json) - 1. [Multi](ingestion/multi) + 1. [Bulk](ingestion/logs/bulk) + 1. [Json](ingestion/logs/json) + 1. [Multi](ingestion/logs/multi) 1. [Search](search/) 1. [Function](function/) 1. [User](user/) diff --git a/docs/api/user/add_user.md b/docs/api/user/add_user.md index 731da2fd..deddc354 100644 --- a/docs/api/user/add_user.md +++ b/docs/api/user/add_user.md @@ -3,7 +3,7 @@ description: >- Add an existing user to an OpenObserve organization with a specified role using a simple POST request. Supports admin and user roles. --- -# Add exiting user to org +# Add existing user to org Endpoint: `POST /api/{organization}/users/{user_email}` diff --git a/docs/user-guide/alerts/index.md b/docs/user-guide/alerts/index.md index ef178196..96f72138 100644 --- a/docs/user-guide/alerts/index.md +++ b/docs/user-guide/alerts/index.md @@ -8,5 +8,5 @@ Alerts enable continuous monitoring of log, metric, or trace data to detect crit - [Templates](../management/templates/) - [Import and Export Alerts](../alerts/import-export-alerts/) - [Alert Folders](../alerts/alert-folders/) -- [Multi-window Selector in Scheduled Alerts (SQL Mode)](../alerts/]multi-window-selector-scheduled-alerts-concept) +- [Multi-window Selector in Scheduled Alerts (SQL Mode)](../alerts/multi-window-selector-scheduled-alerts-concept) - [Use Multi-window Selector in Scheduled Alerts](../alerts/how-to-access-multi-window-selector-scheduled-alerts) diff --git a/docs/user-guide/identity-and-access-management/.pages b/docs/user-guide/identity-and-access-management/.pages index 2b1b5d54..0d27be06 100644 --- a/docs/user-guide/identity-and-access-management/.pages +++ b/docs/user-guide/identity-and-access-management/.pages @@ -4,4 +4,5 @@ nav: - Enable Role-Based Access Control (RBAC) in Enterprise Edition: enable-rbac-in-openobserve-enterprise.md - Single Sign-On (SSO): sso.md - Organizations: organizations.md - - Quotas: quotas \ No newline at end of file + - Quotas: quotas + - Manage Users & Passwords: update-password.md \ No newline at end of file diff --git a/docs/user-guide/identity-and-access-management/images/enable-change-password.png b/docs/user-guide/identity-and-access-management/images/enable-change-password.png new file mode 100644 index 00000000..81f46402 Binary files /dev/null and b/docs/user-guide/identity-and-access-management/images/enable-change-password.png differ diff --git a/docs/user-guide/identity-and-access-management/images/users.png b/docs/user-guide/identity-and-access-management/images/users.png new file mode 100644 index 00000000..be33beec Binary files /dev/null and b/docs/user-guide/identity-and-access-management/images/users.png differ diff --git a/docs/user-guide/identity-and-access-management/index.md b/docs/user-guide/identity-and-access-management/index.md index bcb61d77..cea4cc4b 100644 --- a/docs/user-guide/identity-and-access-management/index.md +++ b/docs/user-guide/identity-and-access-management/index.md @@ -4,4 +4,5 @@ The following guides provide details on managing user identities and controlling - [Enable Role-Based Access Control (RBAC) in Enterprise Edition](../identity-and-access-management/enable-rbac-in-openobserve-enterprise/) - [Single Sign-On (SSO)](../identity-and-access-management/sso/) - [Organizations](../identity-and-access-management/organizations/) -- [Quotas](../identity-and-access-management/quotas/) \ No newline at end of file +- [Quotas](../identity-and-access-management/quotas/) +- [Manage Users & Passwords](../identity-and-access-management/update-password.md) \ No newline at end of file diff --git a/docs/user-guide/identity-and-access-management/update-password.md b/docs/user-guide/identity-and-access-management/update-password.md new file mode 100644 index 00000000..eb46f388 --- /dev/null +++ b/docs/user-guide/identity-and-access-management/update-password.md @@ -0,0 +1,69 @@ +--- +title: Updating Usernames and Passwords in OpenObserve +description: >- + Learn how to update usernames and passwords in OpenObserve via the UI or CLI. Includes steps for root password reset, best practices for credential rotation, and secure account management. +--- + +# Updating Usernames and Passwords in OpenObserve + +Managing credentials in OpenObserve is critical for securing your observability platform. Incorrect or outdated credentials can block access, cause downtime, or expose your system to security risks. This page explains how to update usernames and passwords through the UI or CLI, and provides best practices for secure credential management. + + +## Overview + +OpenObserve provides multiple ways to manage user credentials: + +* [UI-based](#updating-passwords-via-the-openobserve-ui) updates for users and roles +* [CLI-based](#resetting-the-root-password-via-cli) root password reset if locked out + +## Updating Passwords via the OpenObserve UI + +Use the OpenObserve UI to manage users easily. + +**Steps:** + +1. Log in as an administrator. +2. Navigate to **IAM → Users**. Click the **Edit** icon under **Actions** for the user you want to update. + ![](images/users.png) +3. Enable **Change Password** and enter the new password. + ![](images/enable-change-password.png){:style="height:300px"} +4. Click **Save Changes**. +5. Log out and verify that the updated credentials work. + +> **Tip:** You can also update user roles at the same time to enforce correct permissions. + + +## Resetting the Root Password via CLI + +If you are locked out of the root account, you can reset the root password from the CLI. + +**Steps:** + +1. Set environment variables for the new root credentials: + ```bash + export ZO_ROOT_USER_EMAIL="root@example.com" + export ZO_ROOT_USER_PASSWORD="NewStrongPassword123" + ``` + +2. Run the reset command from your OpenObserve installation directory: + ```bash + ./openobserve reset -c root + ``` + +3. After the reset completes, log in with the updated root credentials. + +> **Note:** For Docker or Kubernetes deployments, set the environment variables inside the container or pod before running the reset command. + + +## Best Practices + +* Update usernames, passwords, or roles via the UI whenever possible. +* Update root and user passwords periodically; rotate API keys or service accounts. +* Use long, complex, and unique passwords. Avoid reusing passwords across environments. +* Back up your metadata database, especially before manual or DB-level changes. +* Use dedicated users with least privilege; reserve root for emergencies. + +## Next Steps + +* Set up [alerts](../alerts/alerts.md) for failed logins to detect potential security issues. +* Review [RBAC and role assignments](../identity-and-access-management/enable-rbac-in-openobserve-enterprise.md) to ensure least-privilege access.