13 Feb 2024 11:46 AM - last edited on 14 Feb 2024 07:40 AM by MaciejNeumann
Hi Folks,
I would like bind a policy to a user group to Allow the host group level log ingest and custom log source settings. This group has only MZ level change monitoring settings (whit this they have individual settings on host level eg. log ingest, but they not have host group settings :-().
What is the problem with this policy
ALLOW settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-storage-settings";
ALLOW settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.custom-log-source-settings";
ALLOW settings:objects:read, settings:objects:write WHERE settings:entity.hostGroup = "HOST_GROUP-XXXXXXXX" AND settings:schemaId = "builtin:logmonitoring.log-storage-settings" AND settings:schemaId = "builtin:logmonitoring.custom-log-source-settings";
Thanks in advance.
Best regards,
Mizső
Solved! Go to Solution.
13 Feb 2024 02:23 PM - edited 13 Feb 2024 02:24 PM
You mention they have MZ access, have you added the hostgroup (as an entity) to their MZ settings?
13 Feb 2024 02:49 PM
Yeeep. I did not konw about this possibility. I have never added host group to MZ. I am going to try it with the clinet. In this case policy will not require...it would be more simple...Thanks for the tip. 😉