Assign Roles to Groups

Security Requirements and Controls

Once you have created a group, you can assign users and permissions to it.

Any user who is assigned the Change user access permission (see Figure 81, “Change User Access”) can assign permissions to groups for a repository. Groups can also be assigned permissions from the Groups page by an organization owner or root.

Note

If you intend for access to repositories and views to be administered centrally, by an organization owner or root only, be sure not to grant the Change user access permission to anyone. In practice, this means removing the permission from all roles, so that no user can go to a repository or view and add another user or group directly.

If you do not want to administer groups and roles as new repositories are created, you have the option of defining default permissions for a group here as well.

  1. Go to Users and permissions → Groups and select your group from the list of available groups. You can search if the groups you are looking for are not immediately visible in the list.

  2. To assign users to the group, go to the Users tab, click + Add... and select a user from the dropdown, then click Save:

    Figure 72. Assign Users to Groups


    The user is now added under the Users tab for that group.

  3. To assign default permissions to the group, click the Permissions tab, click the cog icon to assign the default permissions of a role to all repositories and views or to individual ones, then click Apply.

    Figure 73. Assign Default Permissions to Groups


  4. In the Query prefix area, you can define a query prefix, which is effectively a search filter applied to any search.

    Figure 74. Query prefix


    For example, you may add a query prefix host=web* for the group. This is a LogScale query that acts as a filter whenever any member of the group searches the repository developer. In effect, a user of the group is only allowed to see log lines that have a host field that starts with web, for example, web-server01, web-server02 and so on. This allows partitioning of data at search time.

    Note

    Query prefix accepts only Query Filters; Query Functions are not allowed.

    It's also possible to define a default query prefix if a default role has been selected. The default query prefix is then applied to all searches in all repositories unless an exception is defined.
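The following Python sketch models how a group's query prefix restricts what its members can see. It is an added example, not LogScale code or its implementation. The group structure, the audit exception, the function names and the sample events are assumptions constructed for illustration, and the filter check is a simplification of the rule that only filters are accepted.

```python
from fnmatch import fnmatchcase

# Constructed sample events for a repository named "developer".
EVENTS = [
    {"host": "web-server01", "msg": "GET /login 200"},
    {"host": "web-server02", "msg": "GET /admin 403"},
    {"host": "db-server01", "msg": "slow query"},
    {"msg": "event without a host field"},
]

# Hypothetical group configuration: a default query prefix plus per-repository
# exceptions. Each prefix is a single field=pattern filter, as in host=web*.
GROUP = {
    "default_prefix": "host=web*",
    "exceptions": {"audit": "host=db*"},
}

def effective_prefix(group, repository):
    """Per-repository exception if one is defined, otherwise the default prefix."""
    return group["exceptions"].get(repository, group["default_prefix"])

def parse_filter(prefix):
    """Split a field=pattern filter; reject pipes and function calls (simplified)."""
    if "|" in prefix or "(" in prefix or "=" not in prefix:
        raise ValueError(f"not a plain field filter: {prefix!r}")
    field, pattern = prefix.split("=", 1)
    return field.strip(), pattern.strip()

def visible_events(group, repository, events, user_predicate=lambda e: True):
    """Apply the prefix first, then the user's own search on what remains."""
    field, pattern = parse_filter(effective_prefix(group, repository))
    # An event that lacks the field cannot match, so it is hidden as well.
    allowed = [e for e in events if field in e and fnmatchcase(e[field], pattern)]
    return [e for e in allowed if user_predicate(e)]

if __name__ == "__main__":
    for event in visible_events(GROUP, "developer", EVENTS):
        print(event)
```

Because the prefix is applied before the user's own search, a match-everything search still returns only the web hosts, and events with no host field are hidden along with the non-matching ones.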