Record Level Permissions (Graylog Support?)

[scMarkus]

Is your feature request related to a problem? Please describe. We are using Graylog in its open source version with an open search backend. For easy scalability on affordable storage Quickwit would be a good alternative. Replacing Graylog entirely with Quickwit is missing permissions at the moment (Have a user only see records with certain field values that is).

Describe the solution you'd like Either

• find some way of limited access to records by user or
• support Graylog as a frontend so it handles user permissions. Since Graylog does alerting as well and is configured already this approach is preferred.

Describe alternatives you've considered

• Grafana as far as I can see would not support record level permissions but only limiting access to data sources entirely. But this only applies for enterprise versions of Grafana.
• starting up Graylog targeting it to Quickwit as a storage returns version errors.
• similar to the previous one OpenSearch Dashboard does not even start up. If it would it likely does not provide the permission feature on its own.

Additional context I have seen some mentions of tenants in the documentation but no way of utilizing it as a permission tool inside Quickwit directly. Our Idea is having a single scalable system used by many users / teams to send there application logs to. This entails potentially sensitive data and therefore has to be protected against leakage.

[fmassot]

Thanks, @scMarkus, for reporting this. Supporting GrayLog would be awesome, would love to have a quick chat with you to see how we can do this, you can join our discord server and ping me (@fmassot)