RBAC permission required to silence check or entity

I have created a rbac setup, but somehow, have missed assign privileges to allow the user to silence (and probably unsilence) an entity or check result. Can you please tell me what I’m missing? Thanks!

sensuctl user create tom_webops --password=‘password’ --groups=webops
sensuctl role create webops-admin --verb get,list,create,update,delete --resource assets,checks,entities,events,filters,hooks --namespace webops
sensuctl role create webops-readonly --verb get,list --resource handlers,mutators --namespace webops
sensuctl role-binding create webops-oncall --role=webops-admin --group=webops
sensuctl role-binding create webops-reaodnly --role=webops-readonly --group=webops

I figured it out. I had to add “silenced” to the resource list.


I put together a gist with the start for a reusable pattern for good RBAC practice. Can you take a look at it. Now that you have successfully produced an RBAC scheme do you any suggestion on my pattern to make it better?

1 Like