Manage Roles

Security Requirements and Controls

Manage users permission

All roles available and the permissions granted via the roles are displayed in the User Interface in the Roles page.

Depending on the permission level chosen, you can assign different permissions for any new role you create. For example, you can create an Organization management role type and name it, say, "Operations", which grants permissions such as the capability to view all internal notifications, or to manage other users.

LogScale comes with a predefined set of roles — Reader, Admin, Member and Deleter. All of these roles (except Reader) may be customized to your specific needs. Keep in mind that it is generally a good idea to grant as few permissions as possible and to add more as needed.

Note

You need to be an Organization Owner on Cloud or a root user on self-hosted installations to have access to the Roles page and assign roles to users. Or you need to have the Change user access permission:

Figure 69. Change User Access

See the full list of available permissions along with descriptions of their usage at Repository & View Permissions.

To add new roles or customize existing roles:

Click on the user menu icon and select Organization Settings → Roles.
Figure 70. Roles
Click + Add to create a new role; enter a name for the new role such as "Operations", and select a Permission level for the role, for example, Organization management.
Figure 71. Add Roles
Set the permissions for the role. For example, if you wish to create a strictly read-only role, select the Data read access checkbox and nothing else, then click Create role:
Figure 72. Assign Permissions to Roles

User asset permissions allow users with this role to create, edit, and delete the asset types selected. Asset permissions can only be added to a role if the role has Data Read Access; otherwise they are not available.
The new role can now be assigned to groups via the Groups page of the User Interface, where you are prompted to configure the permission levels for a group — see Figure 59, “New Group Created”.
To customize an existing role and change its permissions, or to remove it, select the role and click Edit role or Delete role:
Figure 73. Customize or Remove Roles

Aggregate Permissions

When you have defined more than one role under a Repository and View, Organization, or Cluster, you can get a combined view of the available permissions for all roles — all permissions in a specific repository, for example. This gives you an overview if you want to know exactly which permissions you have.

Click on the user menu icon and select Organization Settings → Users.
Select one of the users that have multiple roles assigned and click on a repository.
Click Show aggregate permissions in the Permissions panel.
Figure 74. Aggregate permissions

You can always select a single role instead to see only the permissions for that role.

Cloud Overview

Getting Started

Instance Administration

Organization Essentials

Configure Security

API Tokens

IP Filters

Security policies

Session management

Audit Logging

Authentication & Identity Providers

Users & permissions

Manage Users

Manage Groups

Manage Roles

Permissions requirements

Ingesting Data

LogScale URLs & Endpoints

Limits & Standards

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

Manage Roles

Security Requirements and Controls

Note

Aggregate Permissions

Enter search term