Skip to main content

The below example shows how to add a new policy to Cribl on-prem. Custom RBAC (Role-Based Access Control) policies are user-defined rules that go beyond a platform's built-in roles to provide specific, granular permissions for access to resources

This example, enables a user to work with Cribl Lookup tables, Commit and Deploy the Lookup files, but Read Only for all other operations.

1. On the Cribl Leader, Create a new policy using CLI and policies.yml file

root@ubuntu:/opt# more cribl/local/cribl/policies.yml
LookupUpdateOnly:
  args:
	- groupName
  template:
	# Include basic read on the group (routes, pipeline, sources) so UI can load
	- GroupRead ${groupName}

	# Allow all operations for lookups (PUT, POST, PATCH, DELETE, GET)
	- '* /m/*/system/lookups'
	- '* /m/*/system/lookups/*'

	# Example, if you need to limit to specific operation 
    #  - GET /m/${groupName}/system/lookups
	#  - GET /m/${groupName}/system/lookups/*
	#  - POST /m/${groupName}/system/lookups
	#  - PATCH /m/${groupName}/system/lookups/*

	# Allow for Commit
	- POST /m/${groupName}/version/commit
	- POST /version/sync

	# Allow selective deploy of modified lookup(s) to Workers
	- PATCH /master/groups/${groupName}/deploy
	- '* /master/workers'
	- '* /w/*'
	- PATCH /master/workers/restart

Another example, enables a user to capture sample events, but Read Only for all other operations 

CaptureOnly:
  args:
    - groupName
  template:
    - GroupRead ${groupName}
    - '* /m/*/system/outputs/*/samples'
    - '* /m/*/system/inputs/*'
    - '* /m/*/preview'
    - '* /m/*/system/samples'
    - '* /m/*/system/samples/*'
    - '* /m/*/system/samples/*/content'
    - '* /m/*/system/capture'
    # Allow for Commit
    - POST /m/${groupName}/version/commit
    - POST /version/sync
    # Allow selective deploy of modified lookup(s) to Workers
    - PATCH /master/groups/${groupName}/deploy
    - '* /master/workers'
    - '* /w/*'
    - PATCH /master/workers/restart
  description: Can Capture sample data  within this @{group} and deploy the @{group}
  title: Capture

Restart Cribl Leader

2. Create a new Role and attach the policy to the role
In the Leader UI → Setting → Global Settings → Access Management → Roles → Add Role → Add Policy to the Role

  • Role name = LookupUpdate
  • Policy = LookupUpdateOnly
  • Object = ‘ * ‘ (select one of the Worker Groups for more limitations)

A white and blue lineAI-generated content may be incorrect.

3. Associate the new Role to a User
In the Leader UI → Setting → Global Settings → Access Management → Local Users → Add Role to the User

  • Roles = LookupUpdate and Stream_Reader

A screenshot of a computer screenAI-generated content may be incorrect.

 

 

 

 
Be the first to reply!
Terms & ConditionsAccessibility statement