Hello,
Per our environment, we would like to provide certain entities within our control access to our Splunk environment. Specific dashboards, searches and access have been permitted. So far the system is pretty well locked down; however, the user is still able to view the activity/jobs in the top right corner. Is there any way to lock the access down further so the users/role cannot access that report/list?
Thank you,
Justin
Hi jstaley,
This view job_management.xml is one of three system views that are still located in $SPLUNK_HOME/etc/system/default/data/ui/views/ and therefore you must set the permission inside of $SPLUNK_HOME/etc/system/metadata/local.meta. Add this to the end of the file:
[views/job_management]
access = read : [ admin ], write : [ admin ]
export = system
owner = admin
This will allow all users in the admin group to be able to use the view, where users of the user group are not able to open the view (They still can see it in the drop down!) - they will get this error:
Another option would be to clone the view into a different app and set the permission within this app, but this way you would miss any future update to this view.
Hope this helps ...
cheers, MuS
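To check that a stanza like the one above really removes read access for a role, the following added example (not part of the original thread and not Splunk's own code) parses the text of a .meta file and reports who may read a view. It assumes the most specific stanza that sets access wins (the object, then its type, then the global [] stanza), looks at one file only, and does not resolve role inheritance or layering across apps; SAMPLE_META is constructed.

```python
import re

# Constructed sample: a global default plus the stanza from the answer above.
SAMPLE_META = """\
[]
access = read : [ * ], write : [ admin ]
export = system

[views/job_management]
access = read : [ admin ], write : [ admin ]
export = system
owner = admin
"""

ACCESS_RE = re.compile(r"(read|write)\s*:\s*\[([^\]]*)\]")

def parse_meta(text):
    """Return {stanza: {key: value}} for a .meta file given as text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def effective_access(stanzas, obj):
    """ACL of the most specific stanza that sets 'access': obj, its type, then []."""
    for name in (obj, obj.split("/", 1)[0], ""):
        access = stanzas.get(name, {}).get("access")
        if access is not None:
            return {perm: {r.strip() for r in roles.split(",") if r.strip()}
                    for perm, roles in ACCESS_RE.findall(access)}
    return {}

def roles_can_read(stanzas, obj, roles):
    """True if any given role name (or the wildcard *) is in the read list."""
    readers = effective_access(stanzas, obj).get("read", set())
    return "*" in readers or bool(readers & set(roles))

if __name__ == "__main__":
    meta = parse_meta(SAMPLE_META)
    for role in ("admin", "user"):
        print(role, roles_can_read(meta, "views/job_management", [role]))
```

A stanza whose name does not match the view never applies in this model, so the lookup falls through to the broader default and the view stays readable.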
Actually you have to adapt the local.meta from the search app. It has been tested with 8.0.3
1. edit local.meta
vi /opt/splunk/etc/apps/search/metadata/local.meta
2. add the following line:
[views/job_manager]
access = read : [ admin ], write : [ admin ]
export = system
owner = admin
@MuS I cloned the view from $SPLUNK_HOME/etc/system/default/data/ui/views/ into this location in my app "etc/apps/myapp/local/data/ui/views" and then I set the permissions in etc/apps/myapp/metadata in the local.meta file.
And then I restarted my Splunk.
But my users can still access the Jobs page - am I doing something wrong in my config files?
That sounds like a config precedence problem, because everything in etc/system/local will overwrite your settings. Check settings in etc/system/local/metadata.
BTW, what happens if you do it the way I mentioned above and change it in etc/system/local instead of a separate app?
cheers, MuS
Hi @MuS I don't want to change it for everybody - I just want to change it for a specific app (everyone in that app has the same role) - can I do that?
And I didn't change anything in etc/system/local - there is nothing that talks about this view job_management.xml in my local.meta file in etc/system/metadata.
Anything else I should try?
Are the users able to view the jobs/activity page or just see the menu dropdown in the right corner? So when they click on it, does it take them to the jobs page?
I would like to ask the same question.