Hi Jason, the required permissions are:
- searches:absolute - searches:keyword searches:relative See https://github.com/Graylog2/graylog2-server/blob/2.1.1/graylog2-server/src/main/java/org/graylog2/shared/security/RestPermissions.java#L106-L108 Cheers, Jochen On Thursday, 22 September 2016 23:38:08 UTC+2, Jason Haar wrote: > > Hi there > > I'm wanting to create a "read only" admin account that can do any search > query against graylog that we want. I created a local account (normally we > use LDAP) which just had the "Reader" role - and it couldn't do anything. I > then gave it the Admin role and it could indeed search for everything > > But I want a "read only" account. This is going to be in scripts - and I > don't want scripts lying about with full admin privs. So I played around > with other Roles - but they are all stream-specific. > > So can someone tell me how I can create a Role that allows universal > search - but with no form of write access? > > Thanks > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +1 408 481 8171 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6c0335eb-a4f1-4ff1-b847-89b8e3d4ff2d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
