Restrict user to view only specified dashboards in...

ashabc · ‎11-15-2013

I am trying to create a user account that can access one and only one apps and only view some dashboards within that apps. Nothing else.

What I have done so far:
1. Created a custom apps called myapps
2. published some dashboards within that apps
3. Crated a custom role called "dashboard_role"
4. Allowed the capabilities that are allowed in user role defined in the system. I am not comfortable with same privilege as user roles.
5. Created a user called dashboard_user and put this user in dashboard_role and assigned default apps to myapps
6. Allowed dashboard_user to myapps and "Search & Reporting" read permission from manage permission in apps.
7. Specified dashboards within this apps has everyone read permission

I have two questions:

If I remove permission for dashboard_role from "search & Reporting", user dashboard_user cannot login. Dashboard_user gets error message http 404. Do I really have to give permission to search & reporting to the dashboard_user?
What are the minimum capabilities required for the dashboard_role. I am not comfortable to giving same capabilities as user.

somesoni2 · ‎11-15-2013

The minimum capabilities required for a dashboard user are rest_properties_get (without which they can event launch home screen) and search (every dashboard in turns runs a search, so needed).

If a user has these two capabilities and access to a default app, you can remove access to "Search and Reporting" app.[Just tested the same]

Regarding the 404 error said, either the default app is not set or the it was trying to launch "Search and Reporting" app, may be because it was on that app and logged out (this is where the permission was changed) and when logged back, it will try to take to same screen. You should see the error message for more details.

ashabc · ‎11-17-2013

Thank you for your response.

OK, I have removed all the capabilities except two you mentioned. I can login as dashboard_user as long as the dashboard_role has access to "search & Reporting". The moment I take the permission out for the above role from "search & reporting", user cannot login anymore. Error message "404 not found" and "Splunk cannot find the 'dashboards' view"

I noticed that even with only two capabilities dashboard_user (when allowed access in search & reporting, without which user cannot login) was able to create a new dashboard, which I certainly do not want for this user.

gkanapathy · ‎11-15-2013

No. You're getting the error because the default app/dashboard unless otherwise specified for a user/role is the search app. You need to set the default app for your role to the one app they have access to.
I don't know, what capabilities are you uncomfortable with? They of course will need search, and probably the rest_properties_get capabilities. The remainder may or may not be needed by your dashboard, I don't know. You can read about capabilities here http://docs.splunk.com/Documentation/Splunk/latest/admin/authorizeconf

ashabc · ‎11-15-2013

Thank you for responding to my post.

My intention is to restrict the dashboard_user to anything other than exclusively permitted dashboards, not even any additional searches.

For example, simple search string for two of my panels in the dashboard

sourcetype=cisco_wsa_squid | eval download=sc_bytes/1024/1024 | stats sum(download) by host

eventtype=ironport_proxy | eval MegaByte=sc_bytes/1048576 | stats max(MegaByte) by "Display Name" | sort limit=10 max(MegaByte) desc

How can I achieve this.

The default apps for the role is already "myapps" and myapps has everyone read permission.

Restrict user to view only specified dashboards in one apps only

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM