Manage Sharing for Users and Teams

Sharing is a key part of the Graylog permission management model. To access or change an entity, a user must have both the correct role and the entity must be shared with them. When you create an entity, you are the owner by default and no sharing is required. Typically, any user who owns an entity can share that entity with other users or teams.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

  • Review Permission Management to understand how roles and sharing work together to grant access to entities.

  • You must have an entity to share.

  • You can only share entities with a user or users with appropriate roles assigned.

Share an Entity

In Graylog, an "entity" refers to any distinct resource or component within the system that you can manage and interact with. Examples of entities include dashboards, streams, saved searches, event definitions, and alerts.

Entities can be shared individually, as described here, but they can also be added to collections and shared as a group. See Collections for complete information.

Share an Existing Entity

To share any existing entity with another user or users:

  1. Navigate to the entity you want to share.

  2. Click the Share button for the entity. For entities such as dashboards and saved searches, the Share button is in the upper right-hand corner. For entities such as event definitions that are listed in tables, the Share button is in the table.

  3. Select the user you want to share the entity with. Graylog Enterprise customers have the option to select a team as well.

  4. Choose the sharing access level:

    • Viewer: Can view the entity but not make any changes to it.

    • Manager: Can edit any aspect of the entity. For some entities, this access level allows the user to delete the entity.

    • Owner: Has the same permissions as Manager but adds the ability to share the entity with other users.

  5. Select Add Collaborator.

  6. (Optional) To share the same entity with others, repeat steps 3-5. Note that you can choose a different access level for each user or team you add.

  7. Click Update sharing.

Hint: This dialog box can also show any collections the entity is already been added to. If you want to add an existing entity to a collection, use the Manage collections link from the entity page. This option is typically found under the More Actions menu.

Share a New Entity

You can share entities with individuals or teams when you create the entity. You can also include the entity in existing collections. With any entity type you create, the section of the form for adding collaboration and sharing is the same.

Add Collaborator

Use the Add Collaborator section to share the entity with individual users or teams. You can set a different access level for each collaborator you add.

  1. Enter a search term or scroll the list to find a user or team to add.

  2. Select the access level the user should receive:

    • Viewer: Can view the entity but not make any changes to it.

    • Manager: Can edit any aspect of the entity. For some entities, this access level allows the user to delete the entity.

    • Owner: Has the same permissions as Manager but adds the ability to share the entity with other users.

  3. Click Add Collaborator.

Repeat these steps for each collaborator you want to add. As you add collaborators, they are listed with their access level. You can change the access level or delete a collaborator before proceeding.

Add to Collection

This is a Graylog Enterprise feature. A valid Graylog Enterprise license is required.

Use the Add to collection section to add the entity to a collection. Enter a search term or scroll the list to find a collection, then select the item to add it. Note that you can add multiple collections in this field. The entity is added to each collection you include. All entities in a collection are shared together when you share the collection.

Hint: When you create an entity, the Add to collections section shows any default collections set via team membership as automatically added. You cannot remove default collections, although you can add additional collections or individual collaborators.

See Collections for information about using collections for sharing and permission management.

When you save the entity creation, all collaboration and sharing options are saved as well.

Share Permissions Configuration

By default, Graylog lets you share entities with everyone so that all users have access, or with individual users and teams. The Share With Everyone option lets you quickly grant access to foundational elements in your environment, such as important streams or dashboards that all users should see. The ability to share to individual users can be useful within teams as well as across teams where members have shared team membership and overlapping responsibilities.

Both of these options are enabled by default. However, to change the sharing behavior:

  1. Navigate to System > Configurations.

  2. Click Permissions in the sidebar.

  3. Click the Edit configuration button to access the Configure Permissions dialog box.

  4. Select or clear check boxes as necessary, then click Update configuration.

Hint: After you share an entity with everyone, when you create new users, that entity is automatically shared with them as well so they begin with access to these important entities.

Share with Teams

This is a Graylog Enterprise feature. A valid Graylog Enterprise license is required.

The Teams feature sets sharing levels to allow you to contain sharing within your defined teams. Consider how non-Admin users can share in the following circumstances:

  • User in a team can share:

    • To everyone (if "share with everyone" is enabled)

    • To other individual users in that team (if "share with users" is enabled)

    • To other individual users in a different team of which they share membership (if "share with users" is enabled)

    • To any team in which they are a member

  • User not in a team can share:

    • To everyone (if "share with everyone" is enabled)

Hint: Graylog Open users have only the option to share with everyone. If this option is not enabled, users have no valid share options.

When an entity is shared with a team, rather than an individual user, every member of that team gains access to the entity at the level at which it was shared. For example, a member of the Security team creates a new pipeline, then shares it with their team at the Manager level. Every member of the Security team can now use and edit this pipeline, although only the creator has the ability to share it (i.e. the Owner).

Hint: Sharing is required only for non-Admin users. Any user with the Admin role automatically has access to all entities without sharing.

Further Reading

Explore the following additional resources and recommended readings to expand your knowledge on related topics: