ChaosSearch RBAC
An overview of the subaccount and group role-based access controls for ChaosSearch
Role-based access control enables you to control the actions a subaccount can perform within the ChaosSearch platform. Roles control access to the different sections (Storage, Groups, Views, Search Analytics, SQL Analytics, and System Dashboard), specific object groups or views, intervals, and even the fields and indexes that users can access.
The complete list of RBAC permission settings are documented in RBAC Configuration. The following table summarizes some common restrictions to system resources that can be applied to RBAC groups with some suggested practices for end users.
| # | System Resources | RBAC Permission Suggestions |
|---|---|---|
| 1 | Storage Panel - Buckets | - Restrict users to seeing only source buckets that begin/end with or contain a specific string. - Restrict users to creating source buckets that begin/end with or contain a specific string. |
| 2 | Storage Panel - Files in bucket | - Restrict users to seeing only specific files in a bucket in the file viewer. |
| 3 | Groups Panel - Object groups | - Restrict users to seeing only those object groups that begin/end with or contain a specific string. - Restrict users to creating object groups that begin/end with or contain a specific string. - Restrict users to creating object groups that reference source buckets that begin/end with or contain a specific string. |
| 4 | Views Panel | - Restrict users to creating views that begin/end with or contain a specific string. - Restrict users to creating views that reference object groups that begin/end with or contain a specific string. - Restrict users to seeing views that begin/end with or contain a specific string. |
| 5 | Search Analytics Panel - Views | - Restrict users to seeing views that begin/end with or contain a specific string. - Restrict which views can be seen/searched when using Search Analytics (discover/visualizations/dashboards/monitors). |
| 6 | Search Analytics Panel - Dashboards | - Restrict users to see only Search Analytics dashboards that begin/end with or contain a specific string. - Restrict users to create only Search Analytics dashboards that begin/end with or contain a specific string. |
| 7 | Search Analytics Panel - Visualizations | - Restrict users to see only Search Analytics visualizations that begin/end with or contain a specific string. - Restrict users to create only Search Analytics visualizations that begin/end with or contain a specific string. |
| 8 | Search Analytics Panel - Saved Searches | - Restrict users to see only Search Analytics saved searches that begin/end with or contain a specific string. - Restrict users to create only Search Analytics saved searches that begin/end with or contain a specific string. |
| 9 | Search Analytics Panel - Monitors | - Disable the management of Search Analytics Alerting for subaccount users because alerts must be configured using the permissions of the primary user. |
| 10 | System Dashboard Panel | - Disable for non-admin users since the dashboard shows cluster-wide information. |
Updated 4 months ago