Security

What takes precedence? Global KO permissions or app share permissions?

soniquella
Path Finder

This is confusing me greatly so forgive me if my explanation is not clear but I will try to explain:

I have a dashboard in app A, lets call it dashboard AA, accessible by role A. I had a request from an internal department to create a new app, app B which consisted only of dashboard AA and it's relative drill down dashboards. App B access will be controlled by role B.

I cloned dashboard AA from app A (and all required drill down dashboards) i.e. made it global and then cloned within app B, cloning permissions also.I then changed the App A sharing permissions back to role A only. Lets call this new dashboard within app B, BB. However, the searches within dashboard BB failed due to KO's with app A only permissions. When running dashboard BB I saw errors such as 'lookup does not exist' and not found' errors relating to field extractions/lookups/tokens. SO, I located each KO and changed the permissions to global rather than restricted to app A. This worked. I could then run dashboard BB without issue.

However, users with role B access to App B could also SEE App A from the app selection menu and I was asked to remove this so that role B users could only see App B and no other app. I then changed read permissions on App A to role A and admin. This obviously removed read permissions to App A for role B.

Removing read permissions for role B to the app A meant that even though the KO's within App A had global permissions, users with role B access could no longer run the dashboard BB successfully and the previous reported errors appeared. It did however remove it from the app selection menu as expected.

My question: Without cloning the required knowledge objects (one fact, one place), how do I grant access for role B users to access KO's owned by app A BUT with global permissions but remove App A availability for role B users?

In hindsight, I would have MOVED the dashboard AA in to App B.

I hope the above makes sense?

Any help or advice anyone can offer at this point would be greatly appreciated.

Kind regards,

Rob.

0 Karma

soniquella
Path Finder

Thanks for your response.

I do not understand - "You can just restrict the Read permission for Application A from User roles to specific roles."

I have done this? Users with role B access app B but I do not want them to be able to see app A in the selection menu. If I remove read access to app A for role B then role B users can no longer access KO's with global permissions?

In short it seems that even though the KO's have global permissions set, if I remove read permissions to the app that they were created in then this over rules the global permissions settings? I may be wrong so feel free to tell me but this is what I think I have experienced.

Thanks again for taking the time to assist.

0 Karma

hardikJsheth
Motivator

You don't need to remove Global permission for changing App A's visibility. You can just restrict the Read permission for Application A from User roles to specific roles.

If you want to access the KO of one app into other app then you have to set the permission to "Global" and provide read access to particular role. In your case you should have read permission for all the KO's that are used for in the Dashboard.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...