Restrict access to specific Audit Events when exporting them #49582
Replies: 1 comment 3 replies
-
|
Hi there is not a documented method for that. Typically after exporting them you would use labels within the audit events (server labels) and other information to determine who is allowed to see them. |
Beta Was this translation helpful? Give feedback.
-
|
Where would this label configuration would happen then ? |
Beta Was this translation helpful? Give feedback.
-
|
There's not an option from Teleports audit retrieval. That would have to open after it's exported. If you're using one of the fluentd options you may find it offers something to help. |
Beta Was this translation helpful? Give feedback.
-
|
Ok I get that I can do the filtering in fluentd, but that would happen to late as one can get access to all audit events by just changing the fluentd config then. Thanks |
Beta Was this translation helpful? Give feedback.
-
Hello,
Is there a way to restrict access to specific Audit Events when accessing them for export. I got from this guide that a Teleport role should be create to access Audit Event, I am wondering if there is a possibility to scope this role a subset of Audit Events; per cluster ideally.
I am working on a solution to ingest Audit Events onto different cluster instances. Each cluster would store Audit Events into Loki for further investigation and analysis. And I would like each cluster to only be able ingest its own Audit Events, and prevent access to other clusters Audit Events.
Beta Was this translation helpful? Give feedback.
All reactions