Manage Sharing for Users and Teams
Sharing is a key part of the Graylog permission management model. To access or change an entity, a user must have both the correct role and the entity must be shared with them. When you create an entity, you are the owner by default and no sharing is required. Typically, any user who owns an entity can share that entity with other users or teams.
Prerequisites
Before proceeding, ensure that the following prerequisites are met:
-
Review Permission Management to understand how roles and sharing work together to grant access to entities.
-
You must have an entity to share.
-
You can only share entities with a user or users with appropriate roles assigned.
Share an Entity
In Graylog, an "entity" refers to any distinct resource or component within the system that you can manage and interact with. Examples of entities include dashboards, streams, saved searches, event definitions, and alerts. To share any entity with another user or users:
-
Navigate to the entity you want to share.
-
Click the Share button for the entity. For entities such as dashboards and saved searches, the Share button is in the upper right-hand corner. For entities such as event definitions that are listed in tables, the Share button is in the table.
-
Select the user you want to share the entity with. Graylog Enterprise customers have the option to select a team as well.
-
Choose the sharing access level for the selected user or team:
-
Viewer: Can view the entity but not make any changes to it.
-
Manager: Can edit any aspect of the entity, including deleting it.
-
Owner: Has same rights as manager. In addition, they can share the entity with additional users.
-
-
Select Add Collaborator.
-
(Optional) To share the same entity with others, repeat steps 3-5. Note that you can choose a different access level for each user or team you add.
-
Click Update sharing.
Share Permissions Configuration
By default, Graylog lets you share entities with everyone so that all users have access, or with individual users and teams. The Share With Everyone option lets you quickly grant access to foundational elements in your environment, such as important streams or dashboards that all users should see. The ability to share to individual users can be useful within teams as well as across teams where members have shared team membership and overlapping responsibilities.
Both of these options are enabled by default. However, to change the sharing behavior:
-
Navigate to System > Configurations.
-
Click Permissions in the sidebar.
-
Click the Edit configuration button to access the Configure Permissions dialog box.
-
Select or clear check boxes as necessary, then click Update configuration.
Share with Teams
This is a Graylog Enterprise feature. A valid Graylog Enterprise license is required.
The Teams feature sets sharing levels to allow you to contain sharing within your defined teams. Consider how non-Admin users can share in the following circumstances:
-
User in a team can share:
-
To everyone (if "share with everyone" is enabled)
-
To other individual users in that team (if "share with users" is enabled)
-
To other individual users in a different team of which they share membership (if "share with users" is enabled)
-
To any team in which they are a member
-
-
User not in a team can share:
-
To everyone (if "share with everyone" is enabled)
-
When an entity is shared with a team, rather than an individual user, every member of that team gains access to the entity at the level at which it was shared. For example, a member of the Security team creates a new pipeline, then shares it with their team at the Manager level. Every member of the Security team can now use and edit this pipeline, although only the creator has the ability to share it (i.e. the Owner).
Admin users. Any user with the Admin role automatically has access to all entities without sharing.
Further Reading
Explore the following additional resources and recommended readings to expand your knowledge on related topics:
