Hello,
I have a user that just needs to view a particular dashboard when logging into Splunk. I do not want him to have access to anything else, just the dashboard by default so that he can view and export panel metrics as needed. Is it possible to lock Splunk down this tight for a user? If so, how?
Thank you both for your input! Is there a way to split the points?
Hi @itsmevic,
you can restrict access using the share properties, in other words, you have to create a role that has grants access only on the dashboard you want and its app and its knowledge objects (fields, tags, eventtypes, etc...) and its indexes.
Then you can define a default app for this role, in tis way, when the user accesses to Splunk he's directly redirected to the App containing the dashboard.
Obviously the dashboard must have some specs:
Ciao.
Giuseppe
Dashboard access controls can be done only for splunk roles. So you need to create a separate role for this user with some basic capabilities to access dashboard. And also map user's LDAP/SAML group name to this role in authentication.conf.
authorize.conf
[role_new_user_role]
srchIndexesAllowed = <INDEXES_THIS_ROLE_CAN_ACCESS>
export_results_is_visible = enabled
get_metadata = enabled
get_typeahead = enabled
list_inputs = enabled
rest_apps_view = enabled
rest_properties_get = enabled
search = enabled
Once role is added you can edit dashboard permissions to provide read permissions to to this role.