This is an automated email from the ASF dual-hosted git repository. gongchao pushed a commit to branch update-sureness-yml in repository https://gitbox.apache.org/repos/asf/hertzbeat.git
commit bc9ce2f62db9b70e33f9c7f1106574cd798adcb8 Author: tomsun28 <[email protected]> AuthorDate: Wed Nov 26 22:16:11 2025 +0800 chore: update sureness yml --- home/docs/help/security_model.md | 2 ++ .../docusaurus-plugin-content-docs/current/help/security_model.md | 2 ++ script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml | 7 +++++++ script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml | 7 +++++++ .../hertzbeat-mysql-victoria-metrics/conf/sureness.yml | 7 +++++++ .../hertzbeat-postgresql-greptimedb/conf/sureness.yml | 2 +- .../hertzbeat-postgresql-victoria-metrics/conf/sureness.yml | 7 +++++++ script/sureness.yml | 7 +++++++ 8 files changed, 40 insertions(+), 1 deletion(-) diff --git a/home/docs/help/security_model.md b/home/docs/help/security_model.md index 474cf9422b..39ab4afe95 100644 --- a/home/docs/help/security_model.md +++ b/home/docs/help/security_model.md @@ -16,6 +16,8 @@ Apache HertzBeat™ uses [Sureness](https://github.com/dromara/sureness) to supp Use the `sureness.yml` provided by Sureness to configure user accounts, roles, API resources, etc. It is strongly recommended that the initial user modify the account password. For details, refer to [Account Permission Management](../start/account-modify) +Please note that the role permission function is being improved, please do not use roles to control user permissions, all users have management permissions. + ## Monitoring Template Security Apache HertzBeat™ provides a monitoring template feature that allows users to define monitoring rules by configuring custom monitoring templates and custom scripts. diff --git a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md index df8338c00a..75e0169787 100644 --- a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md +++ b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md 
@@ -16,6 +16,8 @@ Apache HertzBeat™ 使用 [Sureness](https://github.com/dromara/sureness) 来 使用 Sureness 提供的 `sureness.yml` 来配置用户账户,角色,API资源等,强烈建议初始用户修改账户密码,具体参考 [账户权限管理](../start/account-modify) +请注意角色权限功能正在完善中,请勿使用角色来控制用户权限,所有用户均拥有管理权限。 + ## 监控模板安全 Apache HertzBeat™ 提供了监控模板功能,用户可以通过配置自定义监控模板和自定义脚本来定义监控规则。 diff --git a/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml b/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml index 6ecfb3875f..b547db30c4 100644 --- a/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml +++ b/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml @@ -66,12 +66,18 @@ resourceRole: - /api/bulletin/**===post===[admin,user] - /api/bulletin/**===put===[admin,user] - /api/bulletin/**===delete===[admin] + - /api/sse/**===get===[admin,user] + - /api/sse/**===post===[admin,user] + - /api/chat/**===get===[admin,user] + - /api/chat/**===post===[admin,user] + - /api/logs/ingest/**===post===[admin,user] # config the resource restful api that need bypass auth protection # rule: api===method # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth. excludedResource: - /api/alert/sse/**===* + - /api/logs/sse/**===* - /api/account/auth/**===* - /api/i18n/**===get - /api/apps/hierarchy===get @@ -88,6 +94,7 @@ excludedResource: - /setting/**===get - /passport/**===get - /status/**===get + - /log/**===get - /**/*.html===get - /**/*.js===get - /**/*.css===get diff --git a/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml b/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml index 6ecfb3875f..b547db30c4 100644 --- a/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml +++ b/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml 
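Review bot: In the first hunk of `script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml`, `- /api/logs/sse/**===*` is added to `excludedResource`, so every HTTP method on the log stream bypasses Sureness authentication, while log ingestion a few lines above is restricted to `[admin,user]`. Log lines often carry hostnames, tokens or user data, so unless the SSE handler checks a credential itself (not visible in this diff) the stream is readable by anyone who can reach the service. If the exclusion exists only because a browser EventSource cannot send an auth header, narrow it to `- /api/logs/sse/**===get` and, once confirmed, add a comment above it such as `# SSE stream: excluded here, token is checked in the handler`. The same line is added in the mysql-tdengine, mysql-victoria-metrics, postgresql-victoria-metrics and `script/sureness.yml` hunks.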
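Review bot: `- /log/**===get` in the second hunk of `script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml` exempts every GET under `/log/` from authentication, and nothing in the file says why. The neighbouring `/setting/**`, `/passport/**` and `/status/**` entries look like front-end routes, so this is presumably the route of a log page rather than an API path; a comment such as `# web UI routes, served as the static app shell - no API data` above that group would make the intent checkable in review. The path is close to `/api/logs/**`, and any backend mapping later added under `/log/` would be public without a further change to this file. The same line is added in the four other sureness.yml copies that receive this hunk.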
@@ -66,12 +66,18 @@ resourceRole: - /api/bulletin/**===post===[admin,user] - /api/bulletin/**===put===[admin,user] - /api/bulletin/**===delete===[admin] + - /api/sse/**===get===[admin,user] + - /api/sse/**===post===[admin,user] + - /api/chat/**===get===[admin,user] + - /api/chat/**===post===[admin,user] + - /api/logs/ingest/**===post===[admin,user] # config the resource restful api that need bypass auth protection # rule: api===method # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth. excludedResource: - /api/alert/sse/**===* + - /api/logs/sse/**===* - /api/account/auth/**===* - /api/i18n/**===get - /api/apps/hierarchy===get @@ -88,6 +94,7 @@ excludedResource: - /setting/**===get - /passport/**===get - /status/**===get + - /log/**===get - /**/*.html===get - /**/*.js===get - /**/*.css===get diff --git a/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml b/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml index 6ecfb3875f..b547db30c4 100644 --- a/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml +++ b/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml @@ -66,12 +66,18 @@ resourceRole: - /api/bulletin/**===post===[admin,user] - /api/bulletin/**===put===[admin,user] - /api/bulletin/**===delete===[admin] + - /api/sse/**===get===[admin,user] + - /api/sse/**===post===[admin,user] + - /api/chat/**===get===[admin,user] + - /api/chat/**===post===[admin,user] + - /api/logs/ingest/**===post===[admin,user] # config the resource restful api that need bypass auth protection # rule: api===method # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth. excludedResource: - /api/alert/sse/**===* + - /api/logs/sse/**===* - /api/account/auth/**===* - /api/i18n/**===get - /api/apps/hierarchy===get 
@@ -88,6 +94,7 @@ excludedResource: - /setting/**===get - /passport/**===get - /status/**===get + - /log/**===get - /**/*.html===get - /**/*.js===get - /**/*.css===get diff --git a/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml b/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml index 51c666f459..b547db30c4 100644 --- a/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml +++ b/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml @@ -73,7 +73,7 @@ resourceRole: - /api/logs/ingest/**===post===[admin,user] # config the resource restful api that need bypass auth protection -# rule: api===method +# rule: api===method # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth. excludedResource: - /api/alert/sse/**===* diff --git a/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml b/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml index 6ecfb3875f..b547db30c4 100644 --- a/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml +++ b/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml @@ -66,12 +66,18 @@ resourceRole: - /api/bulletin/**===post===[admin,user] - /api/bulletin/**===put===[admin,user] - /api/bulletin/**===delete===[admin] + - /api/sse/**===get===[admin,user] + - /api/sse/**===post===[admin,user] + - /api/chat/**===get===[admin,user] + - /api/chat/**===post===[admin,user] + - /api/logs/ingest/**===post===[admin,user] # config the resource restful api that need bypass auth protection # rule: api===method # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth. excludedResource: - /api/alert/sse/**===* + - /api/logs/sse/**===* - /api/account/auth/**===* - /api/i18n/**===get - /api/apps/hierarchy===get 
@@ -88,6 +94,7 @@ excludedResource: - /setting/**===get - /passport/**===get - /status/**===get + - /log/**===get - /**/*.html===get - /**/*.js===get - /**/*.css===get diff --git a/script/sureness.yml b/script/sureness.yml index 6ecfb3875f..b547db30c4 100644 --- a/script/sureness.yml +++ b/script/sureness.yml @@ -66,12 +66,18 @@ resourceRole: - /api/bulletin/**===post===[admin,user] - /api/bulletin/**===put===[admin,user] - /api/bulletin/**===delete===[admin] + - /api/sse/**===get===[admin,user] + - /api/sse/**===post===[admin,user] + - /api/chat/**===get===[admin,user] + - /api/chat/**===post===[admin,user] + - /api/logs/ingest/**===post===[admin,user] # config the resource restful api that need bypass auth protection # rule: api===method # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth. excludedResource: - /api/alert/sse/**===* + - /api/logs/sse/**===* - /api/account/auth/**===* - /api/i18n/**===get - /api/apps/hierarchy===get @@ -88,6 +94,7 @@ excludedResource: - /setting/**===get - /passport/**===get - /status/**===get + - /log/**===get - /**/*.html===get - /**/*.js===get - /**/*.css===get --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
