Introduction
Role-Based Access Control (RBAC) is a security framework that restricts system and data access based on a user’s assigned role. It ensures users access only the logs and resources required for their specific responsibilities, minimizing unauthorized exposure to sensitive data.
RBAC simplifies permission management by enforcing structured access to logs, preventing unnecessary data exposure, and strengthening security. In Log Management, users should only be able to view logs relevant to their assigned roles rather than accessing the entire dataset.
RBAC with AuthZ tags
AuthZ tags are key-value pairs that define access permissions within the log management system. These tags act as custom attributes that determine which logs a user can retrieve, manage, and delete based on predefined role-based policies.
Configure AuthZ Tags
AuthZ tags are configured within Custom Attributes, ensuring structured assignment of access permissions to logs.
To implement RBAC effectively, AuthZ tags are first assigned to roles, determining log access permissions. Users are then assigned roles based on their responsibilities, ensuring they only have access to logs matching their assigned AuthZ tags.
Based on assigned roles, access permissions are categorized as follows:
Roles with “All” AuthZ tags have unrestricted access to all logs.
Roles with “Specific” AuthZ tags can only view logs associated with their assigned tags.
Roles with “None” AuthZ tags can access only logs that do not have any assigned tags.
For more information, refer to Create a Role.
Note
Logs that do not have any assigned AuthZ tags are accessible to all users.
Note
Users with the “All” AuthZ tag can add, update, and delete logs with full administrative control.
Functionality
Create a New AuthZ Tag in Custom Attributes
To define role-based access for logs, AuthZ tags are created in the Custom Attributes section. These are key-value pairs that classify logs based on environment, category, or other criteria.
For more information, refer to Edit custom attribute values.
Assign AuthZ Tags to Roles
Once the AuthZ tag is created, it needs to be assigned to roles. Each role will have specific tags that dictate which logs a user can access, ensuring fine-grained authorization.
Assign Roles to Users
Finally, roles that contain AuthZ tags must be assigned to users. Based on their role, users will have access only to logs that match their assigned AuthZ tags.
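The three access categories and the untagged-log rule described above, modeled as an added example (it is not the product's code or API). The `Role` class, function names and sample logs are hypothetical; matching on any single shared key-value pair and combining a user's roles as a union are assumptions the page does not state.

```python
from dataclasses import dataclass

# Scope names mirror the three categories described on this page.
ALL, SPECIFIC, NONE = "All", "Specific", "None"

@dataclass(frozen=True)
class Role:  # hypothetical model of a role, not the product's schema
    name: str
    scope: str
    tags: frozenset = frozenset()  # (key, value) pairs, used when scope is Specific

def can_view(roles, log_tags):
    """True if any of the user's roles permits viewing a log with these AuthZ tags."""
    log_tags = frozenset(log_tags)
    if not log_tags:
        return True  # untagged logs are accessible to all users
    for role in roles:
        if role.scope == ALL:
            return True
        # Assumption: one shared key-value pair is enough to match.
        if role.scope == SPECIFIC and role.tags & log_tags:
            return True
    return False  # "None" roles reach only untagged logs

def visible_logs(roles, logs):
    return [log["msg"] for log in logs if can_view(roles, log["tags"])]

def exposed_to_everyone(logs):
    """Audit check: logs with no AuthZ tag, which every user can read."""
    return [log["msg"] for log in logs if not log["tags"]]

# Constructed sample data.
LOGS = [
    {"msg": "payment declined", "tags": {("env", "prod")}},
    {"msg": "debug trace", "tags": {("env", "dev")}},
    {"msg": "agent heartbeat", "tags": set()},
]
ADMIN = Role("log-admin", ALL)
DEV = Role("dev-viewer", SPECIFIC, frozenset({("env", "dev")}))
GUEST = Role("guest", NONE)

if __name__ == "__main__":
    for role in (ADMIN, DEV, GUEST):
        print(role.name, visible_logs([role], LOGS))
    print("untagged:", exposed_to_everyone(LOGS))
```

Running `exposed_to_everyone` over newly ingested sources is a quick way to spot sensitive logs that were never tagged and are therefore readable by every role.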