The organization's owner can choose between two permission models for users. As the default, a new organization is set to repository-based access control. This means that permissions are set for each repository. With this model, there are three pre-defined roles: Member, Administrator and Eliminator. The distinctions of these roles are covered below on this page. See the Authorization documentation page for more information on this method.
The role-based (advanced) and repository-based (simple) permission models are now unified into one simpler and more expressive model. The new permissions model is currently released on our US and EU clouds, see User Permissions for more information.
You might find being limited to three pre-set roles restrictive. In which case, you may want to choose the role-based access control. See the Role-Based Permissions documentation page on how to add users and roles with this permissions model.
Figure 137. Add Users
Users are added to an organization in Humio, under the Users and Permissions section. Just click on the Users tab to start. For a new account, you'll see just one user, yourself. In the screenshot shown in Figure 137, “Add Users” here, you can see the organization owner and that one user has been added.
To add more users, click on the + Add... button to start the process of adding a user. A small dialog box will appear asking you to enter a user name. We recommend you use their organization email address. This will generate an email that will be sent to them, inviting them to join your Humio organization. It will also give them some basic instructions and links to log into Humio Cloud.
Once you add a user login name (i.e., the user's email address), you can add some profile information in the right panel (see Figure 137, “Add Users”), under Details. You would click Save to save any information you enter. Should you ever want to remove a user, you would do so under where it says, Danger Zone. It's highlighted in the screenshot here. Under that same tab, you can promote a user to Organization Owner — you can have more than one, by the way.
Figure 138. Users from Repository
Since you've chosen the repository-based permissions model, you can also add and otherwise manage users from the repository. When you're on the page in which you would search a repository, click on the Settings at the top. Then click on the Users tab, in the left margin under Access Control.
Assigning Roles & Groups
Figure 139. Pre-Set Repository User Groups
You can assign a user to a particular group and give them permissions by assigning them roles, under Groups & Permissions for that user. This may be confusing as to where this is, so look at the screenshot in Figure 137, “Add Users” above. Notice from the highlighted text that you can assign a user to a group, but you cannot assign a role to that user. This is because there is only one pre-set role for each pre-set group. You can't add groups or roles with the repository-based permissions model.
As mentioned earlier, there are three roles Member, Administrator and Eliminator. A user who has been assigned the Member role can search the repository and do a few other non-damaging tasks. Users who are assigned the Administrator role has more search possibilities and can manage the ingesting of data into the repository. The Eliminator role allows for the deleting of data, something neither of the other two roles can do.
Since there is a group for each role, each group name is prefixed with
the repository name, as you can see in
Figure 137, “Add Users”, making
for three groups. For the example user,
bob in figure
above, he has been assigned two groups, allowing him to search the
repository and to delete data from it, among other things.
You can see the list of groups by clicking on the Groups tab in the left margin (see the screenshot in figure above). That will show you the three pre-set groups. Again, you can't add, rename, or delete these groups. If you click on a group in the list, you'll see the repositories and views that are associated with it. You can't add or remove a repository or view either.
Permissions are set and unchangeable for the roles, but if you'd like to see what permission a role has, while you're on the Groups tab on the left, viewing a particular group, under the Repositories and Views tab in the main panel on the right, you can click on that repository's name to see the permissions. You can see all of this in Figure above — you can also see these permissions by going to the Roles tab on the left. Still under Groups, though, you can click on the Views tab on the right for a particular group to see who is a member of that group. You may add and remove users to a group there.