- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can we specify authorization at data input source level? Like I created a TCP source, but I want it to be available (while searching) to a specific group/role/user only. Not for everyone.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could specify a custom index within the input configuration. For example:
[monitor:///var/log/custom.log]
index = special
You can then create a custom role which allows only access to this index by modifying authorize.conf:
[role_custom]
importRoles = user
srchIndexesDefault = special
srchIndexesAllowed = special
To ensure other roles are unable to access this special index, you should verify that the srchIndexes* settings do not specify * or the special index.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could specify a custom index within the input configuration. For example:
[monitor:///var/log/custom.log]
index = special
You can then create a custom role which allows only access to this index by modifying authorize.conf:
[role_custom]
importRoles = user
srchIndexesDefault = special
srchIndexesAllowed = special
To ensure other roles are unable to access this special index, you should verify that the srchIndexes* settings do not specify * or the special index.
