ChaosSearch RBAC

An overview of the user and group role-based access controls for ChaosSearch

Role-based access control enables you to control the actions a user can perform within the ChaosSearch platform. Roles control access to the different sections (Storage, Refinery, Analytics, and Dashboard), indexes, and even the fields and documents users can access.

The complete list of RBAC permission settings are documented in RBAC Configuration. The following table summarizes some common grants and restrictions to system resources that can be applied to RBAC groups with some suggested settings for end users (team users).

System Resources

RBAC Permissions

1

Storage Panel - Buckets

  • Restrict users to seeing only source buckets that begin/end with or contain a specific string.
  • Restrict users to creating source buckets that begin/end with or contain a specific string.

2

Storage Panel - Object groups

  • Restrict users to seeing only those object groups that begin/end with or contain a specific string.
  • Restrict users to creating object groups that begin/end with or contain a specific string.
  • Restrict users to creating object groups that reference source buckets that begin/end with or contain a specific string.

3

Storage Panel - Files in bucket

  • Restrict users to seeing only specific files in a bucket in the file viewer.

4

Refinery Panel

  • Restrict users to creating views that begin/end with or contain a specific string.
  • Restrict users to creating views that reference object groups that begin/end with or contain a specific string.
  • Restrict users to seeing views that begin/end with or contain a specific string.

5

Analytics Panel - Views

  • Restrict users to seeing views that begin/end with or contain a specific string.
  • Restrict which views can be seen/searched when using Kibana (discover/vis/dashboard/monitor).

6

Analytics Panel - Kibana Dashboards

  • Restrict users to see only Kibana dashboards that begin/end with or contain a specific string.
  • Restrict users to create only Kibana dashboards that begin/end with or contain a specific string.

7

Analytics Panel - Kibana Visualizations

  • Restrict users to see only Kibana visualizations that begin/end with or contain a specific string.
  • Restrict users to create only Kibana visualizations that begin/end with or contain a specific string.

8

Analytics Panel - Kibana Saved Searches

  • Restrict users to see only Kibana saved searches that begin/end with or contain a specific string.
    • Restrict users to create only Kibana saved searches that begin/end with or contain a specific string.

9

Analytics Panel - Kibana Monitors

  • Disable Kibana Alerting for team members since alerting queries run as the primary account user.

10

System Dashboard Panel

  • Disable for non-admin users since the dashboard shows cluster-wide information.

Did this page help you?