ChaosSearch includes built-in authentication and authorization controls so that account administrators can create and manage static subaccounts and groups of access roles. There are user interfaces as well as API endpoints for managing subaccounts and groups.
Users with account administration privileges can define static subaccounts using the Users page. A sample Accounts > Users page follows:
The Users page shows only subaccounts, never the tenant account information.
Administrators use the Groups page to define roles (for example, which buckets, object groups, and views can be accessed, whether the user has object group admin, Kibana user, Kibana designer, and so forth). The group roles are permissions that authorize the use of specific features and access to specific information.
Subaccount users can be associated with one or more groups to grant that user the set of permissions associated with the groups. The subaccounts and groups also support the SSO authorization features. A sample Accounts > Groups page follows:
Administrators can create groups using the Groups UI and by specifying the RBAC permissions as blocks of values for the group, or by importing a JSON file of permissions and rules. See Recommended RBAC Group Setups for an example of a common group model.
Updated about 1 month ago