Permissions Requirements

LogScale requires access levels and authorizations to perform operations, including repository and view permissions, organization administration, cluster management, and feature-specific requirements. The supported functionality and specific permission requirements across different aspects of the system manage the access controls needed for the user roles.

The following sections contain reference information about the necessary permissions to perform activities in LogScale.

Organization Administration Permissions

The Organization permissions allow control for an individual organization.

Table: Fleet management Permissions

Users Description Shorthand/API Name
Change fleet management Change fleet management settings and configurations ChangeFleetManagement
View fleet management View Fleet Management settings and configurations ViewFleetManagement

Table: Permissions and user management Permissions

Users Description Shorthand/API Name
Change all view or repository permissions Change all view or repository permissions ChangeAllViewOrRepositoryPermissions
Change organization permissions Change organization permissions ChangeOrganizationPermissions
Change organization security policies Change organization security policies ChangeOrganizationSecurityPolicies
Change sessions Change session configuration and active sessions ChangeSessions
Manage users Manage users, groups, and roles ManageUsers

Table: Organization settings Permissions

Users Description Shorthand/API Name
Change IP filters Create and update IP filters ChangeIPFilters
Change organization settings Change organization settings ChangeOrganizationSettings
View all internal notifications View all internal notifications ViewAllInternalNotifications

Table: Repository and view management Permissions

Users Description Shorthand/API Name
Create repository Create repositories CreateRepository
Delete all repositories Delete all repositories DeleteAllRepositories
Delete all views Delete all views DeleteAllViews
Ingest across all repositories within organization Ingest across all repositories within organization IngestAcrossAllReposWithinCluster
Manage view connections List all views and repositories, create views linked to any repository, update connections of any existing views ManageViewConnections

Table: Other Permissions

Users Description Shorthand/API Name
Change all triggers that run on behalf of users, which users they run on behalf of and all actions Change all triggers that run on behalf of users, which users they run on behalf of and all actions ChangeTriggersToRunAsOtherUsers
Export organization Export organization so that it can be imported to another cluster ExportOrganization
View usage View usage statistics ViewUsage

Table: Query Monitoring Permissions

Users Description Shorthand/API Name
Block queries Allow user to configure query blocking BlockQueries
Monitoring queries Allow user to use the Query Monitor MonitorQueries

Cluster Management Permissions

Cluster management permissions and authorization roles control access across an entire system, organized into four key permission categories: general system permissions, subdomain management, cluster administration, and organization management. Each category details specific user capabilities ranging from feature flag controls and system-wide configurations to organization-level management and health monitoring, with clear descriptions and corresponding API names for implementation.

Cluster management permissions control access and use across the entire cluster, including the ability to manage and assign organization level permissions.

Table: Other Permissions

Users Description Shorthand/API Name
Change feature flags Change the feature flags that enable functionality for the whole cluster or for a specific organization ChangeFeatureFlags
Change system permissions Change system permissions ChangeSystemPermissions
Change username Change the user name for an existing user ChangeUsername
Delete Falcon owned repositoryLogScale Delete a LogScale system repository. Granting this permission will enable actions that could prevent LogScale from diagnosing and resolving system issues. Only grant this permission if absolutely necessary and you understand the potential impact on system observability. DeleteHumioOwnedRepositoryOrView
Ingest across all repositories within cluster Allow data to be ingested across all repositories IngestAcrossAllReposWithinCluster
Manage parent child relationships between organizations ManageOrganizationLinks

Table: Subdomains Permissions

Users Description Shorthand/API Name
Change subdomains Change subdomain configurations ChangeSubdomains
List subdomains List available subdomains ListSubdomains

Table: Cluster management Permissions

Users Description Shorthand/API Name
Change bucket storage Change bucket storage configuration ChangeBucketStorage
Manage cluster Manage cluster parameters and operations. This permission also grants access to a lot of the Organization level permissions. ManageCluster
Patch global Allow modifying the global snapshot information [a] PatchGlobal
Read cluster health check Read the information generated by the cluster health check ReadClusterHealthCheck

[a] This permission should not be used without referring to LogScale support


Table: Organization management Permission

Users Description Shorthand/API Name
Delete organizations Delete organizations from the cluster DeleteOrganizations
Import organization Import organization to the cluster ImportOrganization
Manage customer organizations Manage customer organizations ManageOrganizations

Permissions and Supported Functionality

The following lists detail which permissions are required to support different areas of functionality, linking to the corresponding page.

Change archiving settingsChange Azure ingest feedsChange event forwardingChange ingest feedsChange Ingest tokensChange organization permissionsChange organization settingsChange permission tokens on repo or viewChange sessionsManage cluster
Manage ClusterManage customer organizationsManage organizationsManage usersRoot userView usage
Functionality Permission Requirements

The following lists detail which functionality (and their corresponding pages) require which permission to use.

Monitor Usage
Query Quotas

  • Root user

Specify quotas

  • Root user

Quota types

  • Root user

Data Archiving
Azure Archiving
GCS Archiving
Data Retention (in "Data Analysis 1.229.0-1.234.0")
Ingest Data from AWS S3
Delete an Ingest Feed
Edit Ingest Feed Configuration
Blocking and Unblocking Ingestion

  • Manage Cluster

Event Forwarders
Configuration
Ingest Feeds
Ingest Data from Azure Event Hubs
Delete an Azure Ingest Feed
Edit Azure Ingest Feed Configuration
Ingest Listeners

  • Manage Cluster

Creating Ingest Listeners

  • Manage Cluster

View Ingest Listeners

  • Manage Cluster

Ingest Tokens
Custom Tokens
Delete an Ingest Token
Assign a Parser to a Token
Generating Ingest Tokens and Assigning Parsers
Organization Settings
Create Repository API Tokens
Manage Repository API Tokens
Users and Permissions
Asset permissions
Manage Groups
Group Roles
Add or change roles
Create New Groups
Assign default role for groups
Role exceptions for repositories

  • Manage organizations

Group Memberships
Query prefix for roles assigned to groups
Grant permissions to specific assets to groups
Group Synchronization
Default Role Permissions
Manage Roles
Aggregate permissions
Set Up Roles in a File
Manage Users
Create user accounts
Edit a user account
List of users
Remove a user account
Manage User Roles
Grant Permissions to Specific Assets
Asset permissions on roles
Share assets in a view
Configure session cookies
Session management
Set session parameters
Manage active sessions
License Installation