LOGIQ.AI
HomeLogFlowLogiqctlLogiqHub
Search…
Introduction
Overview
Releases
EULA
End User License Agreement
Deploying LOGIQ
Quickstart with Docker-Compose
SaaS
PaaS deployment
INTEGRATIONS
Overview
AWS
Azure
Docker Syslog log driver
Docker Swarm logging
Filebeat
Fluent Bit
Fluentd
FortiNet Firewalls
GCP Cloud Logging
Incident management
Kafka
Logstash
MQTT
Open Telemetry
Palo Alto Firewall
Prometheus
Rsyslogd
DATA MANAGEMENT
Overview
Rules
Timestamp handling
Prometheus Monitoring
Overview
Writing PromQL Compatible queries
LOG MANAGEMENT
The LOGIQ UI
Terminology
Explore Logs
Log2Metrics
Reports
logiqctl
Role-Based Access Control (RBAC)
Configuring RBAC
AUTONOMOUS INSIGHTS
Log Pattern-Signature
Time Series Insights
Alerts On Logs
Rule Packs
DATA SOURCES
Overview
API
OLAP
NoSQL Data Sources
SQL Data Sources
API
Query API
Administration
E-Mail Configuration
Single Sign-On with SAML
Audit Trail
Powered By GitBook
Configuring RBAC
This section describes how to configure Role-based access controls for users

Overview

LOGIQ, not only supports access to logs but also to additional data sources. LOGIQ's RBAC enforcement works by restricting access to the data source. This in turn translates to restricting user access to queries and dashboards created on those data sources.
In addition, LOGIQ's log collection model works by mapping incoming log data into namespaces. In LOGIQ, a namespace is treated as a data source, thus allowing a uniform model for applying access restrictions.

Creating a namespace data source

Namespace restrictions are managed by the namespace data source. Only the admin users have privileges to access and modify data sources.
In the data source configuration, provide the data source settings by listing out the namespaces that are part of the data source definition. Provide a name for the data sources and then Save your configuration. In the example below, we are creating a NonAdmin-Namespace data source that has access restrictions to two namespaces flash:advertise and prod-k8s:kube-system

Assigning Namespace data sources to users

The final step is to attach the namespace data source to a group. This restricts all users in the group to the namespaces defined in the data source.

Managing access to namespaces from multiple clusters and hosts

Namespaces in LOGIQ map to virtual hosts or namespaces in Kubernetes clusters. Resources such as ECS clusters can also be mapped to namespaces.
Let us look at how this works in practice. In the example above, the access restrictions are applied to two namespaces flash:advertise and prod-k8s:kube-system
The user will be able to access only these 2 namespaces whether it may be View Only access or Full-Access
Yes, it is that simple!
LOG MANAGEMENT - Previous
Role-Based Access Control (RBAC)
Next - AUTONOMOUS INSIGHTS
Log Pattern-Signature
Last modified 3d ago
Export as PDF
Copy link
Edit on GitHub
Contents
Overview
Creating a namespace data source
Assigning Namespace data sources to users
Managing access to namespaces from multiple clusters and hosts