Security, Logins, and Access Control

LogScale has created an ecosystem of security measures designed to keep organizations, their data, and their users safe, visible, and accessible within given parameters.

Role Based Access Control (RBAC)

Maintaining appropriate security boundaries and controlling access within your LogScale environment relies on effective user management. LogScale's comprehensive Role-Based Access Control (RBAC) system is the tool for managing user accounts and their access permissions.

User access

Effective user management is an essential part of ensuring access control across your environment, and LogScale provides tools for managing the complete lifecycle. Administrators can complete the following tasks for their LogScale environments:

  • Creating and editing user accounts

  • Assigning and customizing roles with specific permission sets

  • Granting granular permissions to specific assets

  • Removing users from the system

A user's access can thus be dictated by the needs of their role and organization, on an individual basis.

For more information, see Manage Users.

Group access

Establishing groups in LogScale allows administrators to efficiently control user permissions across access levels, roles, repositories and views, etc. This can be achieved through external system synchronization or directly, and can be modified as needed by administrators with ‘Manage Users' permissions or root access. It's important to note that any user with the ‘change user access' permission can assign permissions to groups for a repository.

For more information see Manage Groups.

General Data Protection Regulation (GDPR)

LogScale incorporates methodologies that align to GDPR standards so as to avoid more third parties involved with an organization's data than necessary. LogScale automatically creates audit log events for many user actions, ensuring a transparent, trustworthy, and GDPR-compliant activity record. These events are split into two categories, sensitive and non-sensitive.

Sensitive events, such as changes to repository role assignments, retention settings, or the deletion of repositories and data sources, are tagged with #sensitive="true". This critical security measure logs sensitive actions immutably within LogScale, safeguarding the audit trail's integrity. All audit log events are written to the dedicated internal repository, humio-audit.

For more information, see Audit Logging.

API tokens

The capabilities of a given API token dictate what is possible for a given user to achieve- they provide specific permissions and limits when a user accesses and uses LogScale via the token. There are three types of API token:

  • General API tokens that have a limited set of capabilities based on user need and often come with an expiration date

  • Personal API tokens that also have a set of capabilities, usually much more broad, that has no expiration date

  • Organization API tokens that provide granular access to an organization for management tasks

Each type of token has its own use cases and benefits, and is created with one or more parameters:

  • API Token name

  • API Token domain

  • Permissions

  • IP Filter

  • Expiration Date

API tokens provide access to LogScale via the API. As a result, the following controls apply to all tokens:

  • Expired tokens cannot be extended or renewed

  • Tokens that have been created with an IP filter cannot have the filter removed

  • The token secret cannot be modified, but it can be 'reset', generating a new random string to be used for accessing the API

Token creation and usage is tracked within audit logs using the tokenType field.

For more information, see API Tokens.

IP filters

IP filters are named groups of filter rules that either deny or allow access based on the standard IPv4 or IPv6 address best practice for naming rules. IP filter rules enhance LogScale security by restricting network access to specific areas of the product, such as the API and shared dashboards. Named IP filters can be created for API tokens and Wall monitors/shared URLs to limit access, for example, restricting an API token used for user management to a specific IP address or network range.

For more information, see IP Filters.

Administrative security policies

Administrative Security Policies allow administrators to enforce heightened security measures for particular features within LogScale. These policies can completely disable certain functions, restrict their use to specific networks or hosts, or define precise controls over how they are utilized. For instance:

  • Dashboard Security Policies govern whether shared dashboards are permitted and which IP filters apply to them.

  • Action Security Policies manage the allowance of actions (like sending an email or communicating with a third-party tool) and can restrict the URLs or email addresses used as destinations.

  • API Token Security Policies set limitations on the creation and usage of API tokens, including token group availability, maximum duration, and supported IP filters, thereby providing granular access control for API operations.

Some security policies are designed to work in conjunction with the IP Filters functionality to further limit access within the organization.

For more information, see Security policies.

Session management

LogScale employs session management to control the security and duration of a user's connection to the platform.

LogScale establishes a session between the web frontend and the backend API using a secure cookie. This session cookie is strictly limited to storing only a session identifier, ensuring a secure communication channel.

Sessions enforce security by controlling the lifetime of a user's login through:

  • Inactivity Timeout: Limiting the maximum period a user can be idle before automatic logout is required.

  • Maximum Login Duration: Enforcing a maximum time limit after which a user must log in again, regardless of their activity.

Configure session parameters

Organization owners can manage global session security via the Session settings administrative interface, which allows configuration of both the inactivity timeout and the maximum login duration.

Self-managing sessions

Users can navigate to the Sessions page to view all their active sessions. From this page, a user can:

  • End an individual active session.

  • End all active sessions simultaneously.

Note

Ending all sessions will immediately log the user out of their current session.

Organization-level session management

Organization owners with appropriate permissions can access the Active sessions interface to oversee all current active sessions for users within the organization. Administrators can:

  • Search and filter sessions by user ID.

  • Terminate individual sessions.

  • End all sessions for all users in the organization. Note: Ending all organization sessions will immediately log the administrator out of their current session.

For more information, see Session management.

Audit logging

LogScale automatically creates audit log events for many user actions to maintain a transparent and trustworthy record of activity, with built-in compliance for GDPR requirements.

Sensitive events, such as changes to repository role assignments, retention settings, or the deletion of repositories and data sources, are marked with the tag #sensitive="true". This is a critical security measure as these sensitive actions are logged in a way that makes them immutable (non-changeable) within LogScale itself, ensuring the audit trail remains trustworthy. All audit log events (both sensitive and non-sensitive, tagged with #sensitive="false") are written to the dedicated internal repository, humio-audit.

For specific details on the format and structure of these logs, refer to the documentation on The humio-audit Repository.

For more information, see Audit Logging.