Hi Splunkers.
Is there an easy way implement a dynamic navigation menu for an application based on permissions?
To elaborate, I am trying to set up a single landing page for all users of a particular application.
The application monitors multiple environments using different indexes. Say "Test" and "Live".
On the app's nav menu I want to have an option for each of the environments (with submenus relevant to each option).
I want the nav menu to only display menu options for areas the user has permissions to access.
i.e. If the user does NOT have access to Live, then (Live would not appear on the nav menu at all).
For example, the nav menu for a user with access to "Test" and "Live" might display as:
*About | Test | Live | Reports | Notifications *
As this user has access to both Live and Test then they would both appear on the menu.
Another user with access to just the Test environment might see:
About | Test | Reports | Notifications
(Not that the "Live" option does not appear)
Finally, an admin user might see:
About | Admin Tools | Search | Test | Live | Reports | Notifications
.. with extra options displayed above and beyond those show to regular users.
The nav menu would be dynamic in that it would only display items available to that user.
I realize I could have different nav bars for different users but would mean having to maintain nav bars for every combination of user (a maintenance nightmare) so I'm looking for a solution that generate the nav bar dynamically.
(A search doesn't find anything relevant to what I am trying to achieve)
Thanks.
If all the subitems are not accessible by the user, the whole collection will be hidden.
Would that work ?
If all the subitems are not accessible by the user, the whole collection will be hidden.
Would that work ?
I've just tested this out under the following scenarios:
Once the permissions are removed for the submenu items for the test user, they both still appear (Despite returning a 500 or 404 error when the user clicks on each of the submenu items).
i.e. under both scenarios, the top-level nav menu is visible, as are both the submenus, regardless of whether the user has access to the submenu options or not.
Is there some other permission control needed to ensure the entire collection (or an individual submenu) disappears for users without access to submenus of that collection?
Could you send a screenshot of the navigation default xml file ?
{Unable to upload images in comment, only an answer.}
Seems image cannot be posted. Just put the xml text
default.xml:
<nav color="#959395">
<view name="APP_landing_page" default='true' />
<collection label="Live Env">
{Other items removed}
</collection>
<collection label="Testing Env - Collection_test">
<!-- An admin option to which the test user has no access -->
<a href="/app/manager/testing/fields">Update fields</a>
<a href="/app/testing/app_authapp">Service Usage</a>
</collection>
<view name="search" />
<collection label="About">
<a href="linking">Link for the About section</a>
</collection>
</nav>
Edit: Can a moderator please remove the answer below?
None other than not realising there was an alternative way of doing it.
the .xml above was based on other online examples of Splunk navs.
source: https://answers.splunk.com/answers/96443/a-link-to-another-apps-in-navigation-menu.html
Can you please elaborate?
Do you mean that all the hrefs need to be turned into views?
For example:
<a href="/app/testing/app_authapp">Service Usage</a>
would become:
<view name="Service Usage">
In your case is better to use the "view" tag. Only thing is if your views belong to a diff app you will need to make them global (shared so the other apps can see it) and also make sure the names are different, that way when you are referencing a specific view by name there is only one possible match.
I would use the "a href" tag to reference external website or when the dashboards have same names so I need to specify the app names. The problem is the "permissions" do not work properly.
Thanks mgarciar.
All working now. Changing from tags to views did the trick.
As I was already trying to simplify permissions for the 2 x apps, found it easier to migrate them both into the one app and avoid having to jump between multiple apps depending on with nav option the user chose.
Ok. If you use the
a href
tag the default permission won't work. All what I said works for if you usie the tag
view
Each "option" would be part of a separate app.
i.e. Each top-level entry on the nav menu would be part of a separate application.
So if I understand you correctly, one doesn't need to specifically set the permissions on the nav submenu items for them to only appear to users of that particular security level?
i.e. the nav submenu items inherit the permissions of the actual item the menu refers to itself (the destination when the menu item is clicked on).
For example, if there was a nav menu top level item of "Live" (an environment-specific app), with options underneath of "Reports", "Alerts" (etc), these would only show up on the nav menu for a user with permissions allowing access to views for Reports and Alerts in the Live app, correct?
Yes and if all subitems from a Menu Item are not visible, the Menu Item (Collection tag) won't be visible at all.
Thanks mgarciar.
I understand that 2nd-level options underneath the nav text (for instance, the sub-items items underneath "Live" in the menu sample of my OP) would disappear if the user has no access to them.
How does this work though for the text of the nav menus themselves i.e. the "About", "Test", "Reports" and "Notifications" menus above?
They are currently displayed on the nav menu via a "collection" and text label:
Submenu 1
Submenu 2
etc..
The label text being the actual text that is displayed on the nav menu at the top level.
Using your suggestion, how would a permission be associated with that label to determine whether the top-level menu should be displayed or not when compared to the user's permissions/capabilities?
If the user doesn't have access to the Live environment, I don't want the "Live" option to appear at all on the nav menu.
Thanks.
If your properly create roles and assign access permissions to the dashboards (or apps if each option is part of a separate app) based on the roles the navigation menu will automatically remove the items the user does not have access.
One limitation (as far as I know), your menu need to reference the views using the tags and not the tag.