ChaosSearch RBAC
An overview of the user and group role-based access controls for ChaosSearch
Role-based access control enables you to control the actions a user can perform within the ChaosSearch platform. Roles control access to the different sections (Storage, Groups, Views, Search Analytics, SQL Analytics, and System Dashboard), specific object groups or views, intervals, and even the fields and documents users can access.
The complete list of RBAC permission settings are documented in RBAC Configuration. The following table summarizes some common grants and restrictions to system resources that can be applied to RBAC groups with some suggested settings for end users (team users).
| # | System Resources | RBAC Permissions |
|---|---|---|
| 1 | Storage Panel - Buckets | Restrict users to seeing only source buckets that begin/end with or contain a specific string. Restrict users to creating source buckets that begin/end with or contain a specific string. |
| 2 | Storage Panel - Files in bucket | * Restrict users to seeing only specific files in a bucket in the file viewer. |
| 3 | Groups Panel - Object groups | Restrict users to seeing only those object groups that begin/end with or contain a specific string. Restrict users to creating object groups that begin/end with or contain a specific string. * Restrict users to creating object groups that reference source buckets that begin/end with or contain a specific string. |
| 4 | Views Panel | Restrict users to creating views that begin/end with or contain a specific string. Restrict users to creating views that reference object groups that begin/end with or contain a specific string. * Restrict users to seeing views that begin/end with or contain a specific string. |
| 5 | Search Analytics Panel - Views | Restrict users to seeing views that begin/end with or contain a specific string. Restrict which views can be seen/searched when using Kibana (discover/vis/dashboard/monitor). |
| 6 | Search Analytics Panel - Kibana Dashboards | Restrict users to see only Kibana dashboards that begin/end with or contain a specific string. Restrict users to create only Kibana dashboards that begin/end with or contain a specific string. |
| 7 | Search Analytics Panel - Kibana Visualizations | Restrict users to see only Kibana visualizations that begin/end with or contain a specific string. Restrict users to create only Kibana visualizations that begin/end with or contain a specific string. |
| 8 | Search Analytics Panel - Kibana Saved Searches | Restrict users to see only Kibana saved searches that begin/end with or contain a specific string. Restrict users to create only Kibana saved searches that begin/end with or contain a specific string. |
| 9 | Search Analytics Panel - Kibana Monitors | * Disable Kibana Alerting for team members since alerting queries run as the primary account user. |
| 10 | System Dashboard Panel | * Disable for non-admin users since the dashboard shows cluster-wide information. |
Updated 5 months ago