ChaosSearch RBAC

An overview of the role-based access controls for ChaosSearch

Role-based access control (RBAC) enables you to control the actions that a user can perform within the ChaosSearch platform. Roles define access to the different sections (Storage, Refinery, Analytics, & System Dashboard), indexes, and even the fields and documents that users can access.

The user permission group APIs are HTTP-based APIs allowing a caller to perform create, read, update, and delete (CRUD) operations on permission groups for the ChaosSearch service. The format of the endpoints uses singular nouns representing objects of the service, and HTTP verbs to perform operations. For example, an HTTP POST is a create operation for a given object such as a group. Singular objects use identifiers in the HTTP path, whereas plural (bulk) object operations require the caller to provide a JSON document describing the data on which to operate.


User permission groups contain the following fields of information:


  • Id​ : String - unique identifier for the group generated by the ChaosSearch service
  • name​ : String - label or some type of name for the group​
  • permissions​ : Array[PermissionContainer] - a collection of permissions for the group


  • Version​ : String - A version for the data format (1.0 is the current version value.)
  • Effect​ : String - The mode or action of the rule (for example, Allow/Deny)
  • Actions​ : Array[String] - The action(s) to which this container applies​
  • Resources​ : Array[String] - The resource(s) to which this container applies
  • Condition​ : JSON object - Logical conditions to be applied by the policy at the time of enforcement

Did this page help you?