ChaosSearch RBAC

An overview of the subaccount and group role-based access controls for ChaosSearch

Role-based access control enables you to control the actions a subaccount can perform within the ChaosSearch platform. Roles control access to the different sections (Storage, Groups, Views, Search Analytics, SQL Analytics, and System Dashboard), specific object groups or views, intervals, and even the fields and indexes that users can access.

The complete list of RBAC permission settings are documented in RBAC Configuration. The following table summarizes some common restrictions to system resources that can be applied to RBAC groups with some suggested practices for end users.

#System ResourcesRBAC Permission Suggestions
1Storage Panel - Buckets- Restrict users to seeing only source buckets that begin/end with or contain a specific string.
- Restrict users to creating source buckets that begin/end with or contain a specific string.
2Storage Panel - Files in bucket - Restrict users to seeing only specific files in a bucket in the file viewer.
3Groups Panel - Object groups- Restrict users to seeing only those object groups that begin/end with or contain a specific string.
- Restrict users to creating object groups that begin/end with or contain a specific string.
- Restrict users to creating object groups that reference source buckets that begin/end with or contain a specific string.
4Views Panel- Restrict users to creating views that begin/end with or contain a specific string.
- Restrict users to creating views that reference object groups that begin/end with or contain a specific string.
- Restrict users to seeing views that begin/end with or contain a specific string.
5Search Analytics Panel - Views- Restrict users to seeing views that begin/end with or contain a specific string.
- Restrict which views can be seen/searched when using Search Analytics (discover/visualizations/dashboards/monitors).
6Search Analytics Panel - Dashboards- Restrict users to see only Search Analytics dashboards that begin/end with or contain a specific string.
- Restrict users to create only Search Analytics dashboards that begin/end with or contain a specific string.
7Search Analytics Panel - Visualizations- Restrict users to see only Search Analytics visualizations that begin/end with or contain a specific string.
- Restrict users to create only Search Analytics visualizations that begin/end with or contain a specific string.
8Search Analytics Panel - Saved Searches- Restrict users to see only Search Analytics saved searches that begin/end with or contain a specific string.
- Restrict users to create only Search Analytics saved searches that begin/end with or contain a specific string.
9Search Analytics Panel - Monitors- Disable the management of Search Analytics Alerting for subaccount users because alerts must be configured using the permissions of the primary user.
10System Dashboard Panel- Disable for non-admin users since the dashboard shows cluster-wide information.