Authentication options
SUSE Observability Self-hosted
Out of the box, SUSE Observability is configured with single password authentication with admin user and random password configured during installation. This authenticates users with a simple secret on the server. However, this isn't a production-ready setup.
For better security SUSE Observability can be configured to use exactly one of the following authentication mechanisms (replacing the standard admin user):
Authentication configuration is part of the Helm chart, any changes will automatically trigger a restart of the pods requiring that.
User roles
When a user has been authenticated permissions for that user are usually assigned based of the roles the user has. The documentation for the specific authentication mechanisms also contain examples on how to map the roles or groups from the external systems to the 4 standard roles of SUSE Observability:
Guest - able to see information but make no changes.
Kubernetes Troubleshooter - able to see all information and see and change monitors and metric configuration.
Power User - able to see and change all configuration and install StackPacks.
Administrator - able to see and change content of SUSE Observability. For example, see all configuration, install StackPacks, grant and revoke user permissions and upload (new versions of) StackPacks.
When deciding on the roles to assign your users, it's strongly advised to have only a small group of Platform Administrators and Administrators. For example, only the engineers responsible for installing SUSE Observability and doing the initial configuration. Administrator users can manage access to SUSE Observability and decide which StackPacks can be used. You can delegate installation of StackPacks and other fine-tuning of the configuration to a larger number of users with the Power User role. Platform Administrator users can clear the database, change data retention settings, view logs and perform other platform management tasks.
It's also possible to add more roles, see the page Roles (RBAC) and the other RBAC documentation pages
Last updated