topic Splunk DB Connect access control not working as expected with dbxquery command in All Apps and Add-ons https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-DB-Connect-access-control-not-working-as-expected-with/m-p/611554#M77549 <P>Hello there,</P><P>I am trying to implement some access control with DB Connect.</P><P>I want to do something basic like:</P><P>- users from role_a can only query db_a<BR />- users from role_b can only query db_b</P><P>So I have meta files below:</P><P>default.meta:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">[] access = read [ admin , role_a, role_b ]</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>local.meta:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">[db_connections/db_a] access = read [ role_a ] [identities/db_a] access = read [ role_a ] [db_connections/db_b] access = read [ role_b ] [identities/db_b] access = read [ role_b ]</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>As a result, when logged in as a user from role_a, as expected, I cannot see db_b connection/identity.</P><P>However, I am still able to retrieve data from db_b using dbxquery:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">| dbxquery "select ..." connection=db_b</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>It will still work despite not having read access to db_b connection/identity objects.</P><P>Is there an additional metadata entry to limit dbxquery access to specified connections/identities, or dbxquery command does not take care of object permissions at all?</P> Thu, 01 Sep 2022 08:03:10 GMT alhoctamis 2022-09-01T08:03:10Z Splunk DB Connect access control not working as expected with dbxquery command https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-DB-Connect-access-control-not-working-as-expected-with/m-p/611554#M77549 <P>Hello there,</P><P>I am trying to implement some access control with DB Connect.</P><P>I want to do something basic like:</P><P>- users from role_a can only query db_a<BR />- users from role_b can only query db_b</P><P>So I have meta files below:</P><P>default.meta:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">[] access = read [ admin , role_a, role_b ]</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>local.meta:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">[db_connections/db_a] access = read [ role_a ] [identities/db_a] access = read [ role_a ] [db_connections/db_b] access = read [ role_b ] [identities/db_b] access = read [ role_b ]</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>As a result, when logged in as a user from role_a, as expected, I cannot see db_b connection/identity.</P><P>However, I am still able to retrieve data from db_b using dbxquery:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">| dbxquery "select ..." connection=db_b</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>It will still work despite not having read access to db_b connection/identity objects.</P><P>Is there an additional metadata entry to limit dbxquery access to specified connections/identities, or dbxquery command does not take care of object permissions at all?</P> Thu, 01 Sep 2022 08:03:10 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-DB-Connect-access-control-not-working-as-expected-with/m-p/611554#M77549 alhoctamis 2022-09-01T08:03:10Z