Managing Users & Permissions

Security Requirements and Controls

LogScale's role-based access control (RBAC) model enables authorization of users based on roles with different sets of permissions. We distinguish between authentication, which establishes the identity of the user, and authorization, which decides what are the actions an authenticated user may perform.

Access Control Concepts

The RBAC model is centered around three concepts: users, groups, and roles. They're described here:

  • Users

    In LogScale, a user is allowed to do specific actions if one or more needed permissions are assigned them. Permissions can be assigned either specifically to the user, or via a Group of which they're a member.

  • Groups

    Groups contain Users, which provide access for a single user. Groups collect multiple users together into manageable collections with specific permissions provided by Roles.

  • Roles

    Roles define the permissions given to a user or a group of users across a range of access rights.

Groups are assigned roles in the context of a repository, giving all members of the group the permissions contained in the role. A user action on a repository is allowed, or authorized, if the user is a member of a group that has a role containing the needed permission.

At repository level, roles can be assigned to a user directly, without needing a Group.

Authorization Concepts

Figure 66. Authorization Concepts


If a user is member of more than one Group that has been assigned a role in a specific repository, the user has the combined permissions from the roles involved. So in the above diagram, Tom is both a member of Support UK and Devs DK which makes him an Admin and a Searcher in the Web Log repository.

Root access is a per-user property and independent of Roles and Groups. See Root Access.

In LogScale, users are allowed to do specific actions if one or more needed permissions are assigned to them. Permissions can be assigned either directly to the user or via a group of which they are a member. Permissions are always assigned in sets called Roles.

If you're the one setting up LogScale — either because you've created a new organization on LogScale Cloud and you're the owner, or you're a root user of an on-premise installation — you will by default have the permissions required to assign roles to users.

For more information, see the following documentation pages:

Permission Levels for information on the different permission levels available.

Managing Users for information on how to create users.

Managing Groups for information on how to assign users and permissions to groups, set group memberships and synchronize groups.

Managing Roles for information on how to manage roles and assign permissions.

Repository & View Permissions for a list of the different permissions that can be assigned.