Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Distributed Management Console read only user

cafissimo
Communicator
‎06-07-2018 02:23 AM

Hello,
please I would like to know if and how is possible to define/create a user that has only the capability to navigate through the Splunk Distributed Management Console, without the possibility to make any changes.
The user should not be able to do anything else, other than viewing DMC dashboards: he should be like a "read only" admin.

Thanks in advance and kind regards.

0 Karma
Reply

joebisesi
Path Finder
‎06-07-2018 07:10 AM

You can create a new role and via default.meta give that role read access. But for any of the dashboards to populate that role will also need multiple capabilities, including search. That role will also need access to specific indexes. Which, by your request, will not accomplish what you want. I'm sure there would be a way of recreating the DMC dashboards in a custom made app, that would remove any navigation capabilities outside of the dashboards you want the user to see. I have a feeling that may be way more effort than its worth to do that.

The short version is, I don't know a quick solution or even a moderately easy solution. Keep in mind the DMC accesses a lot of data from many sources. Keep in mind for any search to work the user has to have access to search in addition to the indexes that hold the data.

0 Karma
Reply

laurencmcminn
New Member
‎06-07-2018 06:37 AM

Have you tried using roles to define exactly what the users can do and then grouping them into those roles?
There is more information here about user role capabilities. You should be able to limit what they can do to only allow them to view the DMC dashboards and do nothing else. You can even set the search jobs limit so that they cannot search otherwise.

I hope this helps!

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...