topic Re: What are the options for dashboard permissions? in Dashboards & Visualizations

What are the options for dashboard permissions?

ddrillic — Thu, 21 Feb 2019 16:06:08 GMT

When setting the Edit Permissions for a dashboard, our users see the Everyone option and the roles they belong to. Is there a way to customize it beyond this way?

Interestingly, we have in <app>/metadata/local.meta -

[]
access = read : [ admin,<user role> ], write : [ admin …]
export = none

And the user who is part of the user role could not see anything unless we assigned the permissions to EVERYONE – Read.

Re: What are the options for dashboard permissions?

somesoni2 — Thu, 21 Feb 2019 17:24:20 GMT

What you want your Edit Permissions options to be?

Re: What are the options for dashboard permissions?

ddrillic — Thu, 21 Feb 2019 17:28:39 GMT

A certain user role, because we ended up having separate roles for power and user. So, the power user can't assign permissions to the corresponding user role of this specific app.

Re: What are the options for dashboard permissions?

somesoni2 — Thu, 21 Feb 2019 17:33:45 GMT

You'd probably have to nest/inherit your 'power' user role from 'user' role to do that. As you've already identified"our users see the Everyone option and the roles they belong to/inherit from."

Re: What are the options for dashboard permissions?

ddrillic — Thu, 21 Feb 2019 18:00:45 GMT

Makes perfect sense @somesoni2.

What's the relation between this dashboard setting and the settings in <app>/metadata/local.meta because here at the app level 'user' does have read access?

Re: What are the options for dashboard permissions?

somesoni2 — Thu, 21 Feb 2019 19:34:27 GMT

The default app level (one with [] or no stanza name) defines the access permissions on the app. A user has read permissions on the app means user can see the app in the app dropdown/tile on side bar and can launch the app. Sharing permissions on artifacts are handled explicitly.

Re: What are the options for dashboard permissions?

ddrillic — Thu, 21 Feb 2019 20:00:13 GMT

@somesoni2 - gorgeous as usual - much appreciated.

Re: What are the options for dashboard permissions?

ddrillic — Thu, 21 Feb 2019 20:21:46 GMT

What does EVERYONE mean @somesoni2?

Re: What are the options for dashboard permissions?

somesoni2 — Thu, 21 Feb 2019 20:41:32 GMT

Everyone is denoted by * in the .meta files, which means any authenticated user in Splunk. So if your local.meta/default.meta says access = read : [ * ].., it means the specified artifact can be read by all Splunk users, unless permissions are overridden at app level.

Re: What are the options for dashboard permissions?

ddrillic — Thu, 21 Feb 2019 20:59:16 GMT

But the funny thing is that the user who assigns the permissions to the dashboard, can't see the access = read : [ * ].. settings.

Re: What are the options for dashboard permissions?

ddrillic — Fri, 22 Feb 2019 20:32:45 GMT

I also wonder if we can simply go and modify $SPLUNK_HOME/etc/apps/<app name>/metadata/local.meta for the specific artifact. Meaning, apply the desired changes behind the scenes.