I have DB Connect 3.1 installed on my SHC.
I created a DB lookup to provide additional info about host.
I would like to know if it is possible to create a custom role that would grant (and only that) the right to execute
search XXX | dbxlookup mylookup
Especially I want to avoid my users to leverage this access to perform "free" SQL queries against the SQL DB targeted by the lookup... I a afraid what I ask is not possible as it looks permissions can only be granted at identity / connection level.
Also I notice dbxlookup now has an option to create lookup on the fly:
dbxlookup connection=<connection name> query=<SQL query>
This is typically what I would like to avoid my users to be able to do.
Is it possible ?
Note: using dbxquery + outputlookup to periodically update a standard lookup (as suggested by documentation) is something interesting still I would like to perform live query in this specific use case.
Regards.
If you need a "Formal Answer" then post your need for a clarification in the "Post a Comment" section of the documentation page here:
http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Createandmanagedatabaselookups
Try creating a new role with just this capability (and derived from 'user' role).
db_connect_read_dblookup
Indeed I was planning to try what you suggest but as my concern is about data privacy/security, I am looking for a formal answer... I might miss a corner case if I just do a test by myself. I need to be 100% sure there will be no way to anything else that what is exposed by the lookup.