topic Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access? in Dashboards & Visualizations

How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87 — Tue, 18 Apr 2017 19:42:16 GMT

I have several roles that all inherit the power user role. Each custom role is used to restrict access to different indexes. The problem I'm running into is if user A in group A creates a dashboard or report in the search app, user B in group B can go in and delete it. We have set the permissions on the report so that no one can write (unchecked all write options) and checked read for everyone. Why is user B still able to delete user A's report?

I assume this is caused by both users inheriting the power user role but I couldn't find a specific capability listed that would allow them to delete reports/dashboards.

My search app has everyone -read and power - write which I believe would be necessary to allow users to create the objects in the first place.

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

gcusello — Wed, 19 Apr 2017 07:07:30 GMT

Hi Kieffer87,
probably the easiest way is to create two different roles with the same feature but different access rights to the objects: in this way B users cannot edit (or delete) A users objects.
Bye.
Giuseppe

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

puneethgowda — Wed, 19 Apr 2017 07:19:56 GMT

dashboard
hideTitle = "true"
hideSplunkBar="true"
isVisible="false"
hideAppBar="true"
hideChrome="true"
hideFooter="true"
hideEdit="true" >
label>name of the lable
row>
panel>
title>name of the title

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

puneethgowda — Wed, 19 Apr 2017 07:20:23 GMT

you can use hideEdit="true" so that user can't edit

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87 — Wed, 19 Apr 2017 13:51:02 GMT

Thanks for your response but I was actually referring to the entire dashboard itself which is visible by clicking the search app and then selecting the dashboard or reports tabs.

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87 — Wed, 19 Apr 2017 13:52:48 GMT

This is what I'm doing. I have two roles, role A and role B. They both inherit from power. The only difference between them is the indexes that the user is allowed to access. However Users in role B can still delete knowledge objects that Users in role A created. There will also be scenarios where a user will have both roles because they need access to both indexes.

I'd like to set the permissions some how that power users can create knowledge objects and only delete objects they created.

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

gcusello — Wed, 19 Apr 2017 14:28:41 GMT

Hi Kieffer87,
create both the roles without inherit from power but with the same features.
In this way you're sure to have two really different roles.
Users can have both or only one role.
Bye.
Giuseppe

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

puneethgowda — Wed, 19 Apr 2017 14:46:01 GMT

Use Permission option to give read only access to users to the reports and dashboards and try

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87 — Wed, 19 Apr 2017 17:07:15 GMT

This works for users, but doesn't keep other power users from deleting.

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

puneethgowda — Wed, 19 Apr 2017 17:13:53 GMT

i am not understanding why power users should not edit dashboard one of the roll of power user is to edit the things if you want to restrict then you can try below option

go to manage apps find edit permission and give read only access to the app to power user

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87 — Wed, 19 Apr 2017 17:20:52 GMT

The issue I run into is that I have several thousand users using splunk divided into 20 some roles which allow access to only the indexes they shoudl have access to. Some of these users are allocated the power user role because they need to create dashboards for their data. The problem I run into is that any of the power users for each functional group can delete reports, searches, etc. of power users in a functional group other than their own.

I'm hoping to find a way to restrict delete to objects only created by the user or I suppose restrict delete privileges all together. The only other option I see is creating a separate search app for each functional area and setting the permissions there though this is certainly not ideal.

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

puneethgowda — Wed, 19 Apr 2017 17:31:50 GMT

Good Kiefffer,

You are right and one more thing you must keep it in mind that user should not share their dashboard with other users and other app too

Happy SPlunking

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

randy_moore — Thu, 07 Jun 2018 18:37:00 GMT

@Kieffer87 - Did you ever find a solution this? I am running into the same issue

Re: How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87 — Thu, 07 Jun 2018 18:40:52 GMT

We ended up creating unique roles and apps and locked down write permission to that app.