Multi-Cluster Security
Connections to remote clusters are configured using a Repository Token. This token provides explicit access to the data within the view. Role-Based Access Control (RBAC) controls security across the multi-cluster views and connections. For more information, see Users and Permissions.
The following sections describe security controls for the multi-cluster view, local connection, and remote connections:
The multi-cluster view requires a limited, read-only access token to a specific remote repository.
The multi-cluster view has read-only access to local connections.
RBAC on the remote cluster controls remote connections within the multi-cluster view. Each remote view requires an explicit access token. The token controls access to a single view. When creating multiple multi-cluster views connecting to the same remote repository, you can reuse the same token. Alternatively, create multiple tokens for more granular access control. For more information, see API Tokens.
Each multi-cluster view supports one remote connection per cluster.
This information is summarized in the following table.
| View Security | Requires Token | Access Controlled By |
|---|---|---|
| Multi-Cluster View | No | Multi-Cluster View Cluster |
| Local Connection | No | Multi-Cluster View Cluster |
| Remote Connection | Yes | Remote Cluster |
You can revoke or delete the access token required for a remote connection. This removes access to the data from the multi-cluster view independently of other connections.
You must provide network access between upstream and downstream clusters. This is in addition to security authorization for local and remote data access. The required ports depend on your cluster configuration. You must include the default query port, 443.
When running queries through Multi-Cluster search:
The remote cluster executes queries as the user configured for the corresponding API token. It does not execute queries as the user on the parent cluster.
When viewing and auditing query execution:
Use humio-audit on the parent cluster for any multi-cluster queries.
Use humio-audit on child clusters for queries that are not multi-cluster.
Queries can be correlated by using the federationId in the audit log.
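The following Python is an added example, not part of the product documentation. It joins exported audit events on federationId so that each remote execution, which runs as the API token's user, is traced back to the user who ran the query on the parent cluster. It assumes the audit events are exported as JSON lines, that child-cluster events also carry federationId, and that the fields `cluster`, `user` and `query` exist; all sample events are constructed.

```python
import json
from collections import defaultdict

# Constructed audit exports (JSON lines). Only "federationId" comes from the page;
# "cluster", "user" and "query" are assumed field names for this example.
PARENT_AUDIT = """
{"cluster": "parent", "user": "alice", "federationId": "fed-001", "query": "error | count()"}
{"cluster": "parent", "user": "bob", "federationId": "fed-002", "query": "status=500"}
{"cluster": "parent", "user": "carol", "query": "local only"}
"""
CHILD_AUDIT = """
{"cluster": "child-b", "user": "mc-token-b", "federationId": "fed-001", "query": "error | count()"}
{"cluster": "child-c", "user": "mc-token-c", "federationId": "fed-001", "query": "error | count()"}
{"cluster": "child-b", "user": "mc-token-b", "federationId": "fed-002", "query": "status=500"}
{"cluster": "child-b", "user": "mc-token-b", "federationId": "fed-999", "query": "auth | tail(10)"}
{"cluster": "child-b", "user": "dave", "query": "not multi-cluster"}
"""

def load(jsonl):
    """Parse a JSON-lines export into a list of event dicts."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]

def correlate(parent_events, child_events):
    """Join child executions to the parent query that started them.

    Returns (report, orphans): report maps federationId to the parent user and
    the (cluster, token user) pairs that ran it remotely; orphans are child
    events whose federationId has no parent record in the loaded data.
    """
    parents = {e["federationId"]: e for e in parent_events if "federationId" in e}
    remote = defaultdict(list)
    orphans = []
    for event in child_events:
        fid = event.get("federationId")
        if fid is None:
            continue  # ordinary query on the child, not multi-cluster
        if fid in parents:
            remote[fid].append((event["cluster"], event["user"]))
        else:
            orphans.append(event)
    report = {fid: {"parent_user": p["user"], "remote": sorted(remote[fid])}
              for fid, p in parents.items()}
    return report, orphans

if __name__ == "__main__":
    report, orphans = correlate(load(PARENT_AUDIT), load(CHILD_AUDIT))
    for fid, row in report.items():
        print(fid, row["parent_user"], row["remote"])
    print("unmatched:", [(e["cluster"], e["federationId"]) for e in orphans])
```

An unmatched federationId on a child cluster means the parent-side record is missing from the data loaded, so check the export time window and which parent cluster holds the token before drawing conclusions.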