All Apps and Add-ons

Modifying Permissions for Lookup Files viewed in the App

ktatis268
New Member

Is it possible to obfuscate lookups that users are do not have access to? I don't think it makes sense to display lookups and kv-stores that the users don't have access to edit. Also they're able to open them in the viewer which may be a bit of a security breach.

We would like our users to only see what they can edit.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Seeing only what you can edit is not very helpful, IMO. Users must have read access to the lookup files needed for their dashboards and reports. Without read access, users will see "lookup file not found" errors.

Only those few (typically admins) trusted to make changes to a lookup should have write access.

---
If this reply helps you, Karma would be appreciated.

dflodstrom
Builder

If you modify the permissions of the lookup and remove read access from that user's role then they will not be able to see it in the list of available lookups.

0 Karma

ktatis268
New Member

That suggestion is, unfortunately, a non-stater in our environment. We have multiple SHCs all of which have over 300+ lookup files... Most of these lookups are the ones that come baked-in with other apps/TAs.

There has to be a better way of obfuscating those files. The stanza below is not helping as I'd hoped.

[lookups]
access = read : [ ] , write : [ admin ]

0 Karma

dflodstrom
Builder

If you only want those with write access to have read access then it shouldn't be that difficult to add this to all of the apps with lookups you want to hide. I'm not suggesting doing this one-by-one by hand but manipulating the permissions with metadata seems to be how this is done.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...