Role-Based Permissions

As the organization owner, if you set the permissions model to role-based, instead of repository-based, you can create your own roles and groups for users. You would set this on the General tab of the Oranization Settings page. This is described Oranization Settings page in this section of the Documentation.

Once you do that, you can begin to add users, add roles, and add groups. It’s not necessary to do them in that order, but since there is some logic to that order, the next few sections present them like this.

Note

The role-based (advanced) and repository-based (simple) permission models are now unified into one simpler and more expressive model. The new permissions model is currently released on our US and EU clouds and will be available for our on-premise customers in the near future.

Adding Users

Figure 1, Add Users

Users are added to an organization in Humio, under the Users and Permissions section. Just click on the Users tab to start. For a new account, you’ll see just one user, yourself. In the screenshot shown in Figure 1 here, you can see the organization owner and that one user has been invited.

To add more users, click on the + Add… button to start the process of adding a user. A small dialog box will appear asking you to enter an email address. We recommend you use their organization email address. This will generate an email that will be sent to them, inviting them to join your Humio organization. The email will contain an invitation link, which they will have to follow to join your organization. Please note that the link is valid for 2 weeks. You can, however, extend its validity by clicking on Resend Invitation button. You can also revoke the invitation by clicking Cancel Invitation button.

Once the user is invited, he will be a Pending User, and, as such, will be listed under Pending section on the users page. You cannot grant permissions nor update user’s information for Pending users. You will be able to do so once the user accepts the invitation, and hence, becomes a member of your organization.

It is worth mentioning that a user can only be a member of one organization at any given moment. If you need to invite a user who is a member of another organization, you can do so by following the process described above. The invited user will have to do extra steps to join your organization, which he will be guided through once he accepts the invitation and logs into Humio. Then, the move between organizations takes place automatically. When a user is moved to another organization, his private sandbox repository moves with him.

Once the user has accepted the invitation, you can add some profile information in the right panel (see Figure 1), under Details. You would click Save to save any information you enter. Should you ever want to remove a user, you would do so under where it says, Danger Zone. It’s highlighted in the screenshot here. Under that same tab, you can promote a user to Organization Owner — you can have more than one, by the way.

You can assign a user to a particular group and give them permissions, or rather roles, under Groups & Permissions. However, you may want to add some roles and groups first.

Adding Roles

Figure 2, Add a Role

To add roles, go to the Roles tab on the left. You’ll see a screen like the one shown in Figure 2 here. Click on + Add… to add a role. A small dialog box will ask you to name the role. After you do that, you’ll be able to set the permissions for the role. In the example shown in Figure 2, we named the role, Monitor. You may name your roles whatever makes sense for your situation. At a minimum, you would generally give a role Read Access to give users, to whom you assign the role, the ability to access the repositories.

In the example in the screenshot here, we gave the user that and all Search permissions, but nothing else. You may choose whatever permissions you want. If you find your choices are too restrictive, like our example in Figure 2, you can come back to this panel to change them later. When you’re finished setting the permissions for the role, click Save.

Adding Groups

Figure 3, Add a Group

So as to make managing users and their permissions easier, you can add groups to your Humio account. For instance, we’ve added a group in the example shown in Figure 3, and named it it-dept. This group will be for users who are part of the IT department of the organization. You can see it listed under the middle panel, along with the administrative one the system created automatically when first creating the organization. For that group, it has a prefix for the initial repository. That’s because when the organization was created, it was set to use repository-based permissions, the default. Now that the permissions model has been changed to role-based, we don’t need to use that pattern of naming groups: it no longer applies or makes sense since groups can now apply to multiple repositories.

Incidentally, groups may be renamed or deleted under the Danger Zone tab in the third panel for a particular group.

Associating Groups with Repositories

You may have noticed in the third panel of the screen shown in Figure 3, that it shows the tab labeled, Repositories and Views. Here you can add the repositories the users of the group have permisssion to access. You would just click on + Add Repository or View to give permission for either a respository or a view.

Since the example used for this documentation page is of a new organization, there’s only one repository so far. Notice also that we’ve set a role for this group in relation to the repository, the Monitor role. You can give a group more than one role, if that would be appropriate.

Adding Users to Groups

Figure 4, Add Users to a Group

In addition to giving a group permission to access a repository and choosing the role that will apply to the group for that repository, you’ll need to add users to that group. Click on the Users tab in the third panel to do this. You’ll see a screen similar to what you see in Figure 4 here.

Notice that for the example we’ve already added some more users to the organization. To add some of them to the group, click on + Add…. You’ll then see a pull-down menu, as seen in Figure 4, labeled, Add User by Name. It will show you a list of users that are not already assigned to the group. Just select the ones you want to add.

Later, if you want to add another user to the group, perhaps a new user, you can return to this screen to add them. However, you can instead go to the User tab on the left and then to the Groups & Permissions section for that user. Both work as well for adding a single user, but from the User tab you can see more clearly what a particular user has permission to do. This can be useful when you have multiple repositories, multiple roles, and multiple groups and many users.