Graylog2-server: Has Permissions changed in Graylog 2.0.2
Problem description
Previously with Graylog 1.3.x we needed more granularity into a role, that was not directly possible to achieve from the ui.
Let me explain
We needed a developer role whose members could see the Search feature without necessarily having to be on a stream (search menu that is available for admins) along with few other permissions.
So what we did was create the dev role from the UI, and then update the permissions using the API
Our dev role was set to this
{
"name": "Dev",
"description": "Developers Role",
"permissions": [
"dashboards:create",
"dashboards:read",
"sources:read",
"streams:create",
"streams:read",
"messages:analyze",
"searches:absolute",
"searches:keyword",
"searches:relative"
],
"read_only": false
}
And this was working fine in 1.3.x
After the upgrade to 2.0.2, this is no longer working, even though when I check the user's permissions that is a member of Dev role, (using the API) I get to see the above permissions.
Checking the RestPermissions.java I see those permissions are still valid.
Did something change that I need to adjust? or is there a regression in the way permissions work?
To make matters worse, I tried to create a test role from the UI to see if there was any change in schema.
I tried with Chrome and Firefox and no matter what the Save button is not clickable
Basically can't add roles
Not sure if this is local to my environment or a possible regression.
Dev console of the browser gives the following warnings (not sure if they are relevant)
Warning: Failed propType: Invalid prop `items` of type `List` supplied to `TableList`, expected instance of `List`. Check the render method of `PermissionSelector`.
Warning: Failed propType: Invalid prop `data` of type `object` supplied to `TypeAheadDataFilter`, expected `array`. Check the render method of `TableList`.
Steps to reproduce the problem
Problem 1
- Create a Dev role using API as described above
- add a member to that role
- test it in 1.3.x, the user has access to Search / Sources ... (whatever permissions allow)
- Repeat the same in 2.0.2
Search is not available
Problem two
Try to add a new role using the WEB UI of 2.0.2
- Fill in a name, description and select at least one permission
- Can't save (not clickable)
Environment
AWS Image
- Graylog Version: 2.0.2
Thanks
123dev
All 8 comments
Hi @123dev,
Regarding the permissions issue, what do you mean exactly by "search is not available"? Using the example role you kindly provided, I am seeing that the navigation bar doesn't show the search tab, but I can still access /search by typing it on the navigation bar. Is that the issue you are experiencing or is there something else?
I couldn't reproduce the second issue you reported regarding the "Save" button in the roles page. Could you please tell us how you tried to create it? A page screenshot when you would be ready to click "Save" it's probably the best way for me to see how you did it.
Thank you!
edmundoa
on 16 Jun 2016
Thanks edmundoa
Here's what I get logging in with a user with dev role
and here's what we're missing (I'm logged it as admin for this one)
This was working as expected in version 1.3.x
As for creating role issue.
i just tried in IE and same problem
I add a role
Fill in as follows
The save button is not enabled to be pressed.
And notice the warning message about Please name the role and select at least one permission to save it.
As if some js validation is not detecting that I have those fields already filled.
Thanks for looking into it.
123dev
on 16 Jun 2016
Thank you for the clarification, it definitely helps!
Could you please check if going to the search page directly by typing http://<graylog-web-host>/search in the navigation bar works?
Regarding the second issue, the checkbox you are checking is meant to apply permissions in more than one stream or dashboard, but has otherwise no effect. You need to select the kind of permissions you want on the right side of the table. The buttons look like this:
Once you click on the kind of permissions you want, the save button should be enabled.
edmundoa
on 16 Jun 2016
Thanks edmundoa,
For the problem 1
Indeed I was able to access the search and sources by specifying the url.
For the problem 2
I feel silly that I didn't realize that I needed to set Allow Reading or Allow Editing for the role creation issue. :(
Thanks for pointing it out, that works
Thanks
123dev
on 16 Jun 2016
You are welcome!
The fix for the first issue is on the way. For the second, don't worry, I even get confused by that sometimes. I think that's a sign saying that we need to improve the usability a bit there.
edmundoa
on 16 Jun 2016
Awesome :)
Many thanks.
123dev
on 16 Jun 2016
This issue was fixed in https://github.com/Graylog2/graylog2-server/pull/2366, and the fix was released in 2.0.3.
edmundoa
on 22 Jun 2016
Thanks Edmundo,
I can confirm that v2.0.3 resolved our issue.
Much appreciated.
123dev
on 23 Jun 2016
Related issues
cflinspach
路
3Comments
jozefbarcin
路
3Comments
naisanza
路
4Comments
1tft
路
3Comments
deanilenko
路
3Comments