https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56411#M179864 <P>We will look into this and consider per-database entitlements a feature for an upcoming release. Thanks for raising the issue.</P> Fri, 07 Dec 2012 17:30:17 GMT Dan 2012-12-07T17:30:17Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56400#M179853 <P>Do I get it right that after the successful setup of the <STRONG>Splunk DB Connect</STRONG> every Splunk user can access the configured databases? <BR /> This is not acceptable for almost every environment. I wonder how to implement access control at least per external database on a role basis. It would be nice, if Splunk would implement this feature. You should be able to choose the Roles which are allowed to use an external database, don't you think?</P> Thu, 06 Dec 2012 13:59:02 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56400#M179853 dabbank 2012-12-06T13:59:02Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56401#M179854 <P>Can't you just set the permissions for the DB Connect application itself to only allow certain roles to access it? That's what I do and only the admin role can access the Splunk DB Connect interface, views, commands.</P> <P>I haven't set up lookups yet but I have set up multiple monitoring inputs that push data to different indexes. Indexes have their own permissions settings.</P> <P>These seem like obvious settings so I'm concerned that I'm missing something on my end and users can access the databases. Can you tell me specifically how all users access the configured db?</P> <P>Thanks,J</P> Thu, 06 Dec 2012 20:15:25 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56401#M179854 jpass 2012-12-06T20:15:25Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56402#M179855 <P>To limit the access for the whole application to certain roles is of course no solution. The entitlement for a specific database is user dependent. I can not name a role with access to all databases. Application wide permissions render the DB Connect useless.<BR /> I would like to grant the users e.g. R/O access to "their" databases so they can use "dbquery" and "lookup" within searches.</P> Fri, 07 Dec 2012 07:23:18 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56402#M179855 dabbank 2012-12-07T07:23:18Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56403#M179856 <P>How many databases do you access? Another solution could be to have multiple versions of the db connect app installed but renamed for their different purposes. Of course this is a bit of a hack, plus it would break any automatic updates.</P> Fri, 07 Dec 2012 08:56:51 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56403#M179856 Drainy 2012-12-07T08:56:51Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56404#M179857 <P>Not only do we run numerous database but I also want to implement separate entries using different users for the same database. Hereby I could use the database restrictions to adjust the capabilities for my Splunk users. I consider a separate instance for every access profile not even as workaround -- who knows about side effects and the waste of resources caused by this approach.<BR /> The DB Connect application is from 2005 and does not support a proper rights management. Do we really talk about an enterprise solution?</P> Fri, 07 Dec 2012 12:03:20 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56404#M179857 dabbank 2012-12-07T12:03:20Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56405#M179858 <P>Uh, the DB connect is not from 2005, it was just released.</P> Fri, 07 Dec 2012 12:44:09 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56405#M179858 Ayn 2012-12-07T12:44:09Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56406#M179859 <P>All files of the app state<BR /> <STRONG>Copyright (C) 2005-2012 Splunk Inc. All Rights Reserved.</STRONG></P> Fri, 07 Dec 2012 15:04:34 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56406#M179859 dabbank 2012-12-07T15:04:34Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56407#M179860 <P>Thats the generic Splunk copyright, have a scroll to the bottom of the page. I believe thats probably the year it came into existence</P> Fri, 07 Dec 2012 15:44:31 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56407#M179860 Drainy 2012-12-07T15:44:31Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56408#M179861 <P>I played with the app and found some interesting results:</P> <P>The permissions defined in <EM>etc/apps/dbx/metadata/default.meta</EM> overule the settings in <EM>etc/apps/dbx/metadata/local.meta</EM>. Therefore you can not use the WebGUI to adjust the access rights. E.g. only the role <EM>admin</EM> can use the <EM>dbquery</EM> command per default.<BR /> I changed all role settings within the default file to "*" and now it works as expected.</P> Fri, 07 Dec 2012 16:13:15 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56408#M179861 dabbank 2012-12-07T16:13:15Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56409#M179862 <P>The settings in <EM>apps/search/metadata/local.meta</EM> are respected half way. You can add an <EM>access</EM>-line within the stanza for an external database connection</P> <P><CODE>[database/MyDB]<BR /> access = read : [ admin, db_admin ]</CODE></P> <P>At least Splunk respects the read permissions while you edit the settings. E.g. if a user has no read access, he does not see the configured connection underneath <EM>External Databases</EM><BR /> A lack of read permissions does not stop the user from using the external database within <EM>dbquery</EM>, though.</P> Fri, 07 Dec 2012 16:13:49 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56409#M179862 dabbank 2012-12-07T16:13:49Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56410#M179863 <P>If a user should be able to configure database connections himself, he needs the <EM>admin_all_objects</EM> capability in his role <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Mon, 28 Sep 2020 12:55:40 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56410#M179863 dabbank 2020-09-28T12:55:40Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56411#M179864 <P>We will look into this and consider per-database entitlements a feature for an upcoming release. Thanks for raising the issue.</P> Fri, 07 Dec 2012 17:30:17 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56411#M179864 Dan 2012-12-07T17:30:17Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56412#M179865 <P>any updates on this Dan?</P> Wed, 06 Feb 2013 06:11:55 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56412#M179865 batcave 2013-02-06T06:11:55Z https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56413#M179866 <P>This is high on the docket but I can't provide a timeframe yet</P> Tue, 12 Feb 2013 22:38:49 GMT https://community.splunk.com/t5/Splunk-Search/Access-Control-for-Splunk-DB-Connect/m-p/56413#M179866 Dan 2013-02-12T22:38:49Z