Local Users

This page covers how to create and manage Cribl Stream users, including their credentials and (where enabled) their access roles. These options apply if you’re using the Local Authentication type, which is detailed here.

Creating and Managing Local Users

On the Leader Node, you manage users by selecting Settings > Global Settings > Access Management > Local Users. In single-instance deployments (Stream, Edge), you select Settings > Access Management > Local Users.

The resulting Local Users page will initially show only the default admin user. You are operating as this user.

Managing users
Managing users

To create a new Cribl Stream user, click New User. To edit an existing user, click anywhere on its row. With either selection, you will see the modal shown below.

The first few fields are self-explanatory: they establish the user’s credentials. Usernames and passwords are case-sensitive.

If you choose to establish or maintain a user’s credentials on Cribl Stream, but prevent them from currently logging in, you can toggle Enabled to No.

Entering and saving a user’s credentials
Entering and saving a user’s credentials

Logged-in users can change their own Cribl Stream password from the Local Users page, by clicking on their own row to open a Local Users modal that manages their identity.

Password Rules

All passwords must:

  • Contain eight or more characters.

  • Use characters from three or more of the following categories:

    • Lowercase letters.
    • Uppercase letters located after the first character in the password.
    • Digits located before the last character in the password.
    • Non-alphanumeric ASCII characters such as #, !, or ?.
    • Non-ASCII characters such as ñ, , or emoji.

As of Cribl Stream version 4.5.0, these rules apply for all passwords, whether or not Cribl Stream is running in FIPS mode, with one exception:

  • For Cribl Stream not running in FIPS mode, local users whose passwords existed before Cribl Stream 4.4.4 was released, can continue to use their passwords, even if those passwords do not satisfy the rules.
  • When these users change to a new password, the new password must satisfy the rules.
  • New users must create passwords that satisfy the rules.

If you get locked out of your account, you need to reset your password manually.

Adding Roles

If you’ve enabled role-based access control you can use the modal’s bottom Roles section to assign access Roles to this new or existing user.

For details, see Roles. Role-based access control can be enabled only on distributed deployments (Edge, Stream) with an Enterprise license. With other license types and/or single-instance deployments (Edge, Stream), all users will have full administrative privileges.

Click Add Role to assign each desired role to this user. The options on the Roles drop-down reflect the Roles you’ve configured at Settings > Global Settings > Access Management > Roles.

Note that when you assign multiple Roles to a user, the Roles’ permissions are additive: This user is granted a superset of the highest permissions contained in all the assigned Roles.

When you’ve configured (or reconfigured) this user as desired, click Save.

By default, Cribl Stream will log out a user upon a change in their assigned Roles. You can defeat this behavior at Settings > Global Settings > General Settings > API Server Settings > Advanced > Logout on roles change.