liuhongyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hertzbeat.git
The following commit(s) were added to refs/heads/master by this push:
new cc9f53d71a chore: update sureness yml (#3870)
cc9f53d71a is described below
commit cc9f53d71a678a57cfe3d6edbb2ad120fc657ad6
Author: Tomsun28 <[email protected]>
AuthorDate: Thu Nov 27 20:10:46 2025 +0800
chore: update sureness yml (#3870)
---
home/docs/help/security_model.md | 2 ++
.../docusaurus-plugin-content-docs/current/help/security_model.md | 2 ++
script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml | 7 +++++++
script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml | 7 +++++++
.../hertzbeat-mysql-victoria-metrics/conf/sureness.yml | 7 +++++++
.../hertzbeat-postgresql-greptimedb/conf/sureness.yml | 2 +-
.../hertzbeat-postgresql-victoria-metrics/conf/sureness.yml | 7 +++++++
script/sureness.yml | 7 +++++++
8 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/home/docs/help/security_model.md b/home/docs/help/security_model.md
index 474cf9422b..39ab4afe95 100644
--- a/home/docs/help/security_model.md
+++ b/home/docs/help/security_model.md
@@ -16,6 +16,8 @@ Apache HertzBeat™ uses
[Sureness](https://github.com/dromara/sureness) to supp
Use the `sureness.yml` provided by Sureness to configure user accounts, roles,
API resources, etc. It is strongly recommended that the initial user modify the
account password. For details, refer to [Account Permission
Management](../start/account-modify)
+Please note that the role permission function is being improved, please do not
use roles to control user permissions, all users have management permissions.
+
## Monitoring Template Security
Apache HertzBeat™ provides a monitoring template feature that allows users to
define monitoring rules by configuring custom monitoring templates and custom
scripts.
diff --git
a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
index df8338c00a..75e0169787 100644
---
a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
+++
b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
@@ -16,6 +16,8 @@ Apache HertzBeat™ 使用
[Sureness](https://github.com/dromara/sureness) 来
使用 Sureness 提供的 `sureness.yml` 来配置用户账户,角色,API资源等,强烈建议初始用户修改账户密码,具体参考
[账户权限管理](../start/account-modify)
+请注意角色权限功能正在完善中,请勿使用角色来控制用户权限,所有用户均拥有管理权限。
+
## 监控模板安全
Apache HertzBeat™ 提供了监控模板功能,用户可以通过配置自定义监控模板和自定义脚本来定义监控规则。
diff --git a/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml
b/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml
index 6ecfb3875f..b547db30c4 100644
--- a/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml
+++ b/script/docker-compose/hertzbeat-mysql-iotdb/conf/sureness.yml
@@ -66,12 +66,18 @@ resourceRole:
- /api/bulletin/**===post===[admin,user]
- /api/bulletin/**===put===[admin,user]
- /api/bulletin/**===delete===[admin]
+ - /api/sse/**===get===[admin,user]
+ - /api/sse/**===post===[admin,user]
+ - /api/chat/**===get===[admin,user]
+ - /api/chat/**===post===[admin,user]
+ - /api/logs/ingest/**===post===[admin,user]
# config the resource restful api that need bypass auth protection
# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by
anyone, no need auth.
excludedResource:
- /api/alert/sse/**===*
+ - /api/logs/sse/**===*
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
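Review bot: The added `- /api/logs/sse/**===*` entry under `excludedResource` exempts the log SSE stream from authentication for every HTTP method, so anyone who can reach the server can subscribe to log data unless the handler does its own check, which this diff does not show. Log streams often carry hostnames, credentials or user data, so I would drop the exclusion and add `- /api/logs/sse/**===get===[admin,user]` to `resourceRole` beside the new `/api/logs/ingest/**` rule. If the exclusion has to stay (it mirrors the existing `/api/alert/sse/**===*` line), narrow it to `===get` and record the reason in a comment above it. The same line is added in the tdengine, mysql-victoria-metrics, postgresql-victoria-metrics and `script/sureness.yml` hunks; both lists start and continue outside this hunk.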
@@ -88,6 +94,7 @@ excludedResource:
- /setting/**===get
- /passport/**===get
- /status/**===get
+ - /log/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get
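Review bot: `- /log/**===get` makes every GET under `/log/` unauthenticated, and nothing in the file says whether it is a front-end page route like the neighbouring `/setting/**` and `/status/**` entries or a backend path. If it is a page route, a comment above this group such as `# front-end page routes only, no backend data is served under these prefixes` would record the intent and warn against mapping a controller there later. The same addition appears in the other four `sureness.yml` copies changed by this commit, and the list continues outside the hunk.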
diff --git a/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml
b/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml
index 6ecfb3875f..b547db30c4 100644
--- a/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml
+++ b/script/docker-compose/hertzbeat-mysql-tdengine/conf/sureness.yml
@@ -66,12 +66,18 @@ resourceRole:
- /api/bulletin/**===post===[admin,user]
- /api/bulletin/**===put===[admin,user]
- /api/bulletin/**===delete===[admin]
+ - /api/sse/**===get===[admin,user]
+ - /api/sse/**===post===[admin,user]
+ - /api/chat/**===get===[admin,user]
+ - /api/chat/**===post===[admin,user]
+ - /api/logs/ingest/**===post===[admin,user]
# config the resource restful api that need bypass auth protection
# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by
anyone, no need auth.
excludedResource:
- /api/alert/sse/**===*
+ - /api/logs/sse/**===*
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
@@ -88,6 +94,7 @@ excludedResource:
- /setting/**===get
- /passport/**===get
- /status/**===get
+ - /log/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get
diff --git
a/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml
b/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml
index 6ecfb3875f..b547db30c4 100644
--- a/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml
+++ b/script/docker-compose/hertzbeat-mysql-victoria-metrics/conf/sureness.yml
@@ -66,12 +66,18 @@ resourceRole:
- /api/bulletin/**===post===[admin,user]
- /api/bulletin/**===put===[admin,user]
- /api/bulletin/**===delete===[admin]
+ - /api/sse/**===get===[admin,user]
+ - /api/sse/**===post===[admin,user]
+ - /api/chat/**===get===[admin,user]
+ - /api/chat/**===post===[admin,user]
+ - /api/logs/ingest/**===post===[admin,user]
# config the resource restful api that need bypass auth protection
# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by
anyone, no need auth.
excludedResource:
- /api/alert/sse/**===*
+ - /api/logs/sse/**===*
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
@@ -88,6 +94,7 @@ excludedResource:
- /setting/**===get
- /passport/**===get
- /status/**===get
+ - /log/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get
diff --git
a/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml
b/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml
index 51c666f459..b547db30c4 100644
--- a/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml
+++ b/script/docker-compose/hertzbeat-postgresql-greptimedb/conf/sureness.yml
@@ -73,7 +73,7 @@ resourceRole:
- /api/logs/ingest/**===post===[admin,user]
# config the resource restful api that need bypass auth protection
-# rule: api===method
+# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by
anyone, no need auth.
excludedResource:
- /api/alert/sse/**===*
diff --git
a/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml
b/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml
index 6ecfb3875f..b547db30c4 100644
---
a/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml
+++
b/script/docker-compose/hertzbeat-postgresql-victoria-metrics/conf/sureness.yml
@@ -66,12 +66,18 @@ resourceRole:
- /api/bulletin/**===post===[admin,user]
- /api/bulletin/**===put===[admin,user]
- /api/bulletin/**===delete===[admin]
+ - /api/sse/**===get===[admin,user]
+ - /api/sse/**===post===[admin,user]
+ - /api/chat/**===get===[admin,user]
+ - /api/chat/**===post===[admin,user]
+ - /api/logs/ingest/**===post===[admin,user]
# config the resource restful api that need bypass auth protection
# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by
anyone, no need auth.
excludedResource:
- /api/alert/sse/**===*
+ - /api/logs/sse/**===*
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
@@ -88,6 +94,7 @@ excludedResource:
- /setting/**===get
- /passport/**===get
- /status/**===get
+ - /log/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get
diff --git a/script/sureness.yml b/script/sureness.yml
index 6ecfb3875f..b547db30c4 100644
--- a/script/sureness.yml
+++ b/script/sureness.yml
@@ -66,12 +66,18 @@ resourceRole:
- /api/bulletin/**===post===[admin,user]
- /api/bulletin/**===put===[admin,user]
- /api/bulletin/**===delete===[admin]
+ - /api/sse/**===get===[admin,user]
+ - /api/sse/**===post===[admin,user]
+ - /api/chat/**===get===[admin,user]
+ - /api/chat/**===post===[admin,user]
+ - /api/logs/ingest/**===post===[admin,user]
# config the resource restful api that need bypass auth protection
# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by
anyone, no need auth.
excludedResource:
- /api/alert/sse/**===*
+ - /api/logs/sse/**===*
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
@@ -88,6 +94,7 @@ excludedResource:
- /setting/**===get
- /passport/**===get
- /status/**===get
+ - /log/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get