Security

App Permissions and Roles

jchensor
Communicator

Hey, everyone.

I'm in an interesting predicament. I have one particular view of an App (let's call it AppPrime) that we've created that I want one specific role to have access to. Limiting the view of an App to just one page depending on the role of the user logged in didn't seem like it was possible, so I went a different route.

Instead, I re-created that one page into its own App (which we'll call AppSecond). Now, all of the saved searches and such used in AppPrime were made sharable across Apps, so that AppSecond could use those Saved Searches and display the reports and graphs on its duplicated page just fine.

So having done this, I created a new Role (let's call it RoleLimited) that ONLY is allowed access to AppSecond. However, when I access the Dashboard created in AppSecond, which is the duplicate page of AppPrime, the charts and graphs NO NOT show up. Basically, this is caused by the fact that RoleLimited still doesn't have access to AppPrime, and this is the part that confuses me: AppPrime's searches are all shared and are considered public, so shouldn't they show up anyhow?

So here's a couple of questions.

1) Is there actually a way to allow Users of RoleLimited to access AppPrime but limit which views it can have access to? I originally thought this wasn't possible, but maybe there is a way to do it and I should go down that path instead.

2) If 1 isn't possible, what's the recommended solution to the problem I'm seeing? Is there a way toaccomplish what I want to do without duplicating the Saved Searches in the AppSecond context? I don't wanna run two sets of the same Saved Search just because then both sets will take up processing power on the SearchHeads and such.

Thanks for taking the time to read this and thanks in advance to anyone who might have an answer that may help me.

  • James
Tags (2)
1 Solution

lguinn2
Legend

Yes, you can set permissions on the individual dashboards. So you could simple have one App - AppPrime. It would have all the searches. Some dashboards could be viewable by both roles, but some might be restricted to RolePrime. Some dashboards might be specifically built for RoleLimited.

One rule that you should follow: if you give permissions for a role to see a dashboard, that role should have permissions for all searches on that dashboard.

But if a user does not have permissions to use a particular dashboard, the dashboard will simply not show up in the menu for them. Same for searches. So you don't need a separate app for RoleLimited. You probably don't even need to make the searches shared globally, either.

To set the permissions: go to Manager » User interface » Views and you can set the permissions for each individual dashboard (and search form and view). Remember that users only need to have read permissions to use your dashboards and searches.

And of course, you can go to Manager » Apps to determine which roles can see/use the App.

View solution in original post

lguinn2
Legend

Yes, you can set permissions on the individual dashboards. So you could simple have one App - AppPrime. It would have all the searches. Some dashboards could be viewable by both roles, but some might be restricted to RolePrime. Some dashboards might be specifically built for RoleLimited.

One rule that you should follow: if you give permissions for a role to see a dashboard, that role should have permissions for all searches on that dashboard.

But if a user does not have permissions to use a particular dashboard, the dashboard will simply not show up in the menu for them. Same for searches. So you don't need a separate app for RoleLimited. You probably don't even need to make the searches shared globally, either.

To set the permissions: go to Manager » User interface » Views and you can set the permissions for each individual dashboard (and search form and view). Remember that users only need to have read permissions to use your dashboards and searches.

And of course, you can go to Manager » Apps to determine which roles can see/use the App.

jchensor
Communicator

Good idea. Thanks for the initial help, though! ^_^ For any of those actually reading through this whole thing, you can check out the new question I created here:

http://splunk-base.splunk.com/answers/51696/one-app-but-mutliple-default-pages-depending-on-roles

  • James

lguinn2
Legend

Yikes - that is bad. And I don't know a way around it. But maybe someone else does. If you post that as a separate question, it will probably get more attention. Right now someone has to read a lot of words to find out that there is still an question here!

jchensor
Communicator

Ooh, very cool. That is extremely helpful, thanks!

I just have one more minor detail standing in my way. The default view of AppPrime happens to be a view that I do not want accessible to RoleLimited. However, when I access AppPrime, RoleLimited is still directed towards the default page of AppPrime, which isn't accessible. Is there a way to create different default views for different users in the same App?

  • James
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...