Dashboards & Visualizations

What are the options for dashboard permissions?

ddrillic
Ultra Champion

When setting the Edit Permissions for a dashboard, our users see the Everyone option and the roles they belong to. Is there a way to customize it beyond this way?

Interestingly, we have in <app>/metadata/local.meta -

[]
access = read : [ admin,<user role> ], write : [ admin …]
export = none

And the user who is part of the user role could not see anything unless we assigned the permissions to EVERYONE – Read.

Tags (2)
0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

What you want your Edit Permissions options to be?

View solution in original post

somesoni2
SplunkTrust
SplunkTrust

What you want your Edit Permissions options to be?

ddrillic
Ultra Champion

A certain user role, because we ended up having separate roles for power and user. So, the power user can't assign permissions to the corresponding user role of this specific app.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

You'd probably have to nest/inherit your 'power' user role from 'user' role to do that. As you've already identified"our users see the Everyone option and the roles they belong to/inherit from."

ddrillic
Ultra Champion

Makes perfect sense @somesoni2.

What's the relation between this dashboard setting and the settings in <app>/metadata/local.meta because here at the app level 'user' does have read access?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

The default app level (one with [] or no stanza name) defines the access permissions on the app. A user has read permissions on the app means user can see the app in the app dropdown/tile on side bar and can launch the app. Sharing permissions on artifacts are handled explicitly.

ddrillic
Ultra Champion

@somesoni2 - gorgeous as usual - much appreciated.

0 Karma

ddrillic
Ultra Champion

What does EVERYONE mean @somesoni2?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Everyone is denoted by * in the .meta files, which means any authenticated user in Splunk. So if your local.meta/default.meta says access = read : [ * ].., it means the specified artifact can be read by all Splunk users, unless permissions are overridden at app level.

ddrillic
Ultra Champion

But the funny thing is that the user who assigns the permissions to the dashboard, can't see the access = read : [ * ].. settings.

0 Karma

ddrillic
Ultra Champion

I also wonder if we can simply go and modify $SPLUNK_HOME/etc/apps/<app name>/metadata/local.meta for the specific artifact. Meaning, apply the desired changes behind the scenes.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...