Using Roles to share your data
Manage who can access your data and what they can do with it.
Last updated July 28th, 2022
Log policies are often decided by an entire team, not by individuals. Collaboration is a priority for Logs Data Platform, so the platform lets everyone share data easily and securely. Log policies also affect access rights across teams: for instance, product managers may be able to access some data while being denied access to security logs. That's why we provide Role-Based Access Control to configure access rights. This document explains how to use this system to configure access rights.
Head to the Roles page in the manager and create a role with a name and a description.
Once the role is created, you will be able to configure its details: the permissions and the members.
Click on the ... button on the right to display the menu and head to Manage permissions.
On the permission page, you will see two tabs: Read-Only and Read-Write.
Some items can be shared in read-only whereas others can be shared with a write (or modification) right.
Items | Read-Only | Read-Write |
---|---|---|
Stream | Yes | No |
Dashboard | Yes | Yes |
Index | Yes | Yes |
Alias | Yes | No |
OpenSearch Dashboards | Yes | Yes |
Note that to give access to data (index or aliases) explored through OpenSearch Dashboards to a user, you need to give at least read rights to both the instance and to the data explored.
Select the items you want to share in the role and they will move from the Available column to the Selected column. Go back to the Roles page to manage the users in the defined role.
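As an added illustration (not part of the OVHcloud documentation or tooling), the following Python check reviews a planned role against the sharing table and the OpenSearch Dashboards note above before the items are selected in the manager. The `Grant` model, the `osd_sources` inventory and all identifiers are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Access modes each item type can be shared with, taken from the table above.
SHARING_MATRIX = {
    "stream": {"ro"},
    "dashboard": {"ro", "rw"},
    "index": {"ro", "rw"},
    "alias": {"ro"},
    "osd": {"ro", "rw"},  # OpenSearch Dashboards instance
}

@dataclass(frozen=True)
class Grant:
    item_type: str  # key of SHARING_MATRIX
    item_id: str    # constructed identifier, not a real UUID
    mode: str       # "ro" (Read-Only tab) or "rw" (Read-Write tab)

def review_role(grants, osd_sources):
    """Return (code, detail) findings for a planned role.

    osd_sources is a hypothetical inventory: OSD instance id -> set of
    (item_type, item_id) pairs for the indices/aliases explored through it.
    """
    findings = []
    effective = set()  # grants that the sharing matrix actually allows
    for g in grants:
        if g.mode in SHARING_MATRIX.get(g.item_type, set()):
            effective.add((g.item_type, g.item_id))
        else:
            findings.append(("mode-unavailable", f"{g.item_type}:{g.item_id} as {g.mode}"))
    for osd_id in sorted(osd_sources):
        has_instance = ("osd", osd_id) in effective
        for src in sorted(osd_sources[osd_id]):
            label = f"{osd_id} -> {src[0]}:{src[1]}"
            if has_instance and src not in effective:
                # Instance shared without its data: the member sees nothing.
                findings.append(("osd-data-missing", label))
            elif src in effective and not has_instance:
                # Data shared without the instance that explores it.
                findings.append(("osd-instance-missing", label))
    return findings

# Constructed sample role and inventory.
SAMPLE_GRANTS = [Grant("stream", "s1", "rw"), Grant("osd", "osd-1", "ro"),
                 Grant("index", "idx-1", "ro"), Grant("alias", "al-2", "ro")]
SAMPLE_SOURCES = {"osd-1": {("index", "idx-1"), ("alias", "al-1")},
                  "osd-2": {("alias", "al-2")}}
```

An `osd-instance-missing` finding is only a problem when the data is meant to be explored through OpenSearch Dashboards; an index or alias can also be shared on its own.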
To manage the members of a role, use the same ... menu to navigate to the Manage members page. Click on Add a member to add a new member for this role.
In the username box, you must enter a Logs Data Platform username. The LDP username can be found in the Home panel of your manager, in the General section. Anyone who has a Logs Data Platform service can be added to the role, even if their primary cluster is different from yours.
Once a member has been added, they will see the items that have been shared with them on the relevant page, with an indication in the Shared column. The actions available to them will be displayed in the ... menu.
A user can access the shared items with their usual credentials, whatever the cluster. If a user has access to items on another cluster, they can create tokens for access to this new cluster. As a reminder, creating an account on Logs Data Platform is free: any OVHcloud nic-handle can create one or several accounts, and they don't have to pay for data that has been shared with them.
Role management can be automated by using the OVHcloud API.
Here are a few examples of the role API calls you can use:
List available services.
Return the list of roles associated with the service.
Parameter | Description |
---|---|
serviceName * | The internal ID of your Logs Data Platform service (string) |
Return the specified role.
Parameter | Description |
---|---|
serviceName * | The internal ID of your Logs Data Platform service (string) |
roleId * | UUID of your role (string) |
Grant given LDP user.
Parameter | Description |
---|---|
serviceName * | The internal ID of your Logs Data Platform service (string) |
roleId * | UUID of your role (string) |
RoleMemberCreation * | A JSON object containing the field {username} (string), the username of the member and a {note}, the description of this member. |
Allow access on given alias.
Parameter | Description |
---|---|
serviceName * | The internal ID of your Logs Data Platform service (string) |
roleId * | UUID of your role (string) |
RolePermissionAliasCreation * | A JSON object containing the field {aliasId} (string), the UUID of the alias you want to share. |
Don't hesitate to explore the API, and try it with the provided console.