search

emmanuel-benoit / graylog-groups

A program that controls Graylog privileges based on LDAP groups.
GNU General Public License v3.0
4 stars 0 forks source link

Privilege on stream applied by tool but not showing in Graylog #2

Closed gpavinteractiv closed 3 years ago

gpavinteractiv commented 3 years ago

Hello,

I configured a group with the privilege to a stream. : 

  cn=appteam,cn=groups,cn=accounts,dc=hostics,dc=fr:
    roles:
      - Reader
      - Dashboard Creator

    privileges:

      - type: stream
        id: 608f98fa71724935b8e90ded
        level: read

A user from that group exists in Graylog and the tool reported having given access : 

level=trace msg="Computed group membership" application=graylog component=graylog-groups groups="[cn=appteam,cn=groups,cn=accounts,dc=domain,dc=fr]" user=cdel
level=trace msg="Computed roles" application=graylog component=graylog-groups roles="[Dashboard Creator Reader]" user=cdel
level=trace msg="Computed privileges" application=graylog component=graylog-groups privileges="[streams:read:608f98fa71724935b8e90ded]" user=cdel
level=info msg="Setting permissions" application=graylog component=graylog-groups privileges="[streams:read:608f98fa71724935b8e90ded]" user=cdel
level=trace msg="Executing Graylog API call" application=graylog base="https://graylogserver/api" component=graylog-groups method=PUT path=users/cdel/permissions username=admin
level=trace msg="Executed Graylog API call" application=graylog base="https://graylogserver/api" component=graylog-groups method=PUT path=users/cdel/permissions status=204 username=admin

However in the UI the stream still shows no one with access

emmanuel-benoit commented 3 years ago

Sadly there is nothing I can do about this. Permissions set using the /users/{login}/permissions endpoint (which is what my tool does) are not displayed anywhere on the Graylog interface. I have added a note in the README to indicate that problem.