On This Page

Home / Stream/ Access Management/Local Users

Local Users

This page covers how to create and manage Cribl Stream users, including their credentials and (where enabled) their access roles. These options apply if you’re using the Local Authentication type, which is detailed here.

Local Users are only available in on-prem deployments. In Cribl.Cloud, use Members and Permissions for access control.

Create Local User

To create a new Local User:

  1. In the sidebar, select Settings, then Global.

  2. Under Access Management, select Local Users. The Local Users page will initially show only the default admin user. You are operating as this user.

    Managing users
    Managing users

  3. Select Add User.

  4. Provide the new User with basic information and set their Password. Usernames and passwords are case-sensitive.

  5. To prevent the user from currently logging in, toggle Enabled to No.

Manage Local User Information

As a logged-in Local User, you can change your own information by opening the Account menu in the top right corner and selecting My profile. Here, you can modify your first and last name, and change the account password.

Only an Admin can change the email assigned to a Local User.

Password Rules

All passwords must:

  • Contain eight or more characters.

  • Use characters from three or more of the following categories:

    • Lowercase letters.
    • Uppercase letters located after the first character in the password.
    • Digits located before the last character in the password.
    • Non-alphanumeric ASCII characters such as #, !, or ?.
    • Non-ASCII characters such as ñ, , or emoji.

As of Cribl Stream version 4.5.0, these rules apply for all passwords, whether or not Cribl Stream is running in FIPS mode, with one exception:

  • For Cribl Stream not running in FIPS mode, local users whose passwords existed before Cribl Stream 4.4.4 was released, can continue to use their passwords, even if those passwords do not satisfy the rules.
  • When these users change to a new password, the new password must satisfy the rules.
  • New users must create passwords that satisfy the rules.

If you get locked out of your account, you need to reset your password manually.

Adding Roles

If you’ve enabled role-based access control you can use the modal’s bottom Roles section to assign access Roles to this new or existing user.

For details, see Roles. Role-based access control can be enabled only on distributed deployments (Edge, Stream) with certain plan/license tiers. With other license types and/or single-instance deployments (Edge, Stream), all users will have full administrative privileges.

Select Add Role to assign each desired role to this user. The options on the Roles drop-down reflect the Roles you’ve configured at Settings > Global > Access Management > Roles.

Note that when you assign multiple Roles to a user, the Roles’ permissions are additive: This user is granted a superset of the highest permissions contained in all the assigned Roles.

By default, Cribl Stream will log out a user upon a change in their assigned Roles. You can defeat this behavior at Settings > Global > General Settings > API Server Settings > Advanced > Logout on roles change.