Hi Jason,

the required permissions are:

   - searches:absolute
   - searches:keyword
   searches:relative

See 
https://github.com/Graylog2/graylog2-server/blob/2.1.1/graylog2-server/src/main/java/org/graylog2/shared/security/RestPermissions.java#L106-L108

Cheers,
Jochen

On Thursday, 22 September 2016 23:38:08 UTC+2, Jason Haar wrote:
>
> Hi there
>
> I'm wanting to create a "read only" admin account that can do any search 
> query against graylog that we want. I created a local account (normally we 
> use LDAP) which just had the "Reader" role - and it couldn't do anything. I 
> then gave it the Admin role and it could indeed search for everything
>
> But I want a "read only" account. This is going to be in scripts - and I 
> don't want scripts lying about with full admin privs. So I played around 
> with other Roles - but they are all stream-specific.
>
> So can someone tell me how I can create a Role that allows universal 
> search - but with no form of write access?
>
> Thanks
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6c0335eb-a4f1-4ff1-b847-89b8e3d4ff2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to