Seq uses a roles-and-permissions based scheme for managing user privileges. Users are assigned to roles, and roles carry one or more of a handful of permissions that API endpoints demand.
In Seq 2022.1, the permissions underlying the Administrator role have been redesigned, so that it's possible to grant users different levels of administrative access depending on their needs.
Along with Administrator, which is still available and has the highest privileges, two new roles have been introduced:
- Project Owner — full access to ingestion, retention, and stored event data
- Organization Administrator — all Project Owner permissions, plus user administration
Many non-administrative users who could previously search and query data, but not manage it, will benefit from shifting to the Project Owner role. Being able to control ingestion and storage means that developers with knowledge of the underlying log data can tune ingestion filters and retention policies, contributing to a leaner, better-managed Seq installation.
Many other users today are in the Administrator role simply so that they can either manage log data, or the other users on their teams, and don't really need full access to host-level features like plug-in app configuration, authentication provider settings, system diagnostics, or backups. These users can now move to Project Owner or Organization Administrator roles, to improve security by conforming to the principle of least privilege.
Seq 2022.1 is a quick in-place upgrade from earlier Seq versions: it's a great idea to keep up-to-date, and when you upgrade, it's the perfect time to review user access and see whether these new roles offer any advantages for your team!