LOGIQ.AI
LOGIQ.AI
Home
Logiqctl
Overview
Releases
EULA
End User License Agreement
Deploying LOGIQ
LOGIQ SaaS
LOGIQ PaaS Quickstart
LOGIQ PaaS Community Edition
Deploying LOGIQ PaaS on Kubernetes
Deploying LOGIQ PaaS on MicroK8s
Deploying LOGIQ PaaS on AWS
Log Insights
Ingesting data
Data extraction
Log Data Rewrite
Timestamp handling
LOGIQ Monitoring
Configuring Prometheus
Prometheus Data source
JSON Data source
Elasticsearch Data source
Vewing Logs
The LOGIQ UI
Terminology
Logs Page
Search Page
Metrics and Custom Indices
Reports
logiqctl
Role-Based Access Control (RBAC)
Configuring RBAC
ANOMALY DETECTION
Events
Event Rules
Alertable Events
Logs to time series event visualization
COMPLIANCE
Audit Trail
LOGIQ STREAMING
Query API
LOGIQ Configuration
E-Mail Configuration
Alert Destinations
Single Sign-On with SAML
Log Ingest configuration
Terminology
Minimal server configuration
Server options
Sources
Destinations
Filters
Groupings
Rules
Credentials
Partitions
RUNNING ON AWS
Getting started
AWS IAM Resources
1-Click deployment using CloudFormation
Powered by GitBook

Configuring RBAC

This section describes how to configure Role-based access controls for users

Overview

LOGIQ, not only supports access to logs but also to additional data sources. LOGIQ's RBAC enforcement works by restricting access to the data source. This in-turn translates to restricting user access to queries and dashboards created on those data sources.

In addition, LOGIQ's log collection model works by mapping incoming log data into namespaces. In LOGIQ, a namespace is treated as a data source, thus allowing a uniform model for applying access restrictions.

Creating a namespace data source

Namespace restrictions are managed by the namespace data source. Only the admin users have privileges to access and modify data sources.

In the data source configuration, provide the data source settings by listing out the namespaces that are part of the data source definition. Provide a name for the data sources and then Save your configuration. In the example below, we are creating a NonAdmin-Namespace data source that has access restriction to two namespaces customer-tooling and rc-logiq:rc

Assigning Namespace data source to users

The final step is to attach the namespace data source to a group. This restricts all users in the group to the namespaces defined in the data source.

Managing access to namespaces from multiple clusters and hosts

Namespaces in LOGIQ map to virtual hosts or namespaces in Kubernetes clusters. Resources such as ECS clusters can also be mapped to namespaces.

Let us look at how this works in practice. In the example above, the access restrictions are applied to two namespaces customer-tooling and rc-logiq:rc

The customer-tooling namespace is a virtual machine with hostname customer-tooling. The rc-logiq:rc is a Kubernetes cluster with CLUSTER_ID set to rc-logiq and namespace rc within the cluster.

Yes it is that simple!

Vewing Logs - Previous
Role-Based Access Control (RBAC)
Next - ANOMALY DETECTION
Events
Last updated 1 year ago
Edit on GitHub
Contents
Overview
Creating a namespace data source
Assigning Namespace data source to users
Managing access to namespaces from multiple clusters and hosts