StackState Docs
StackState.comDownloadBlogsSupport
Search…
StackState version 5.0
Welcome to the StackState docs!
StackState self-hosted v5.0 docs
Getting Started
🚀
Setup
Install StackState
Upgrade StackState
StackState Agent
StackState CLI
Data management
👤
Use
Concepts
StackState UI
Checks and monitors
Problem analysis
Metrics and events
Glossary
🧩
StackPacks
About StackPacks
Add-ons
Integrations
Develop your own StackPacks
🔧
Configure
Topology
Telemetry
Traces
Health
Anomaly Detection
Security
Authentication
RBAC
Role-based Access Control
Permissions
Roles
Scopes
Subjects
Secrets management
Self-signed certificates
Set up a security backend for Linux
Set up a security backend for Windows
Logging
📖
Develop
Developer guides
Reference
Tutorials
Powered By GitBook
Subjects
StackState Self-hosted v5.0.x

Link your existing authentication provider to StackState RBAC

StackState is configured by default with file based authentication with predefined roles for Guests (very limited permission level), Power Users and Administrators (full permission level). To change the configuration to use LDAP authentication, see authentication docs.

How to make a new user, or a group, with scopes?

To create a new subject (a group or a username), you must follow the stac CLI route below. When you create a subject, it has no permissions at first. All custom subjects need a scope by design, so they do not have access to the full topology. This is a security requirement that makes sure that users have access only to what they need.

Examples

To create the stackstate subject with a scope that allows the user to see all elements with the "StackState" label, use the following command:
CLI: stac
CLI: sts (new)
sts subject save stackstate 'label = "StackState"'
Not running the stac CLI yet?
➡️ Upgrade the old sts CLI to stac
Command not currently available in the new sts CLI. Use the stac CLI.
To give more context and specific limitations you can create the subject called stackstateManager that also has the scope of StackState label and has access to Business Applications within that label, command looks like this:
CLI: stac
CLI: sts (new)
stac subject save stackstateManager 'label = "StackState" AND type = "Business Application"'
Not running the stac CLI yet?
➡️ Upgrade the old sts CLI to stac
Command not currently available in the new sts CLI. Use the stac CLI.
Please note that when passing a STQL query in a stac CLI command, all operators( like =, <,AND, and so on) need to be surrounded by spaces, as in the above example.
Please note that if you are using LDAP authentication, then the subject needs to be provided with a name that exactly matches the username or a group name that is configured in LDAP, as it is case-sensitive.
Previous
Scopes
Next
Secrets management
Last modified 1mo ago
Copy link
Outline
Link your existing authentication provider to StackState RBAC
How to make a new user, or a group, with scopes?
Examples