All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect 3 - how to grant a role only to perform predefined dbxlookup, nothing else

sylbaea
Communicator
‎06-29-2017 08:13 AM

I have DB Connect 3.1 installed on my SHC.
I created a DB lookup to provide additional info about host.

I would like to know if it is possible to create a custom role that would grant (and only that) the right to execute
search XXX | dbxlookup mylookup

Especially I want to avoid my users to leverage this access to perform "free" SQL queries against the SQL DB targeted by the lookup... I a afraid what I ask is not possible as it looks permissions can only be granted at identity / connection level.

Also I notice dbxlookup now has an option to create lookup on the fly:

 dbxlookup connection=<connection name> query=<SQL query>

This is typically what I would like to avoid my users to be able to do.

Is it possible ?
Note: using dbxquery + outputlookup to periodically update a standard lookup (as suggested by documentation) is something interesting still I would like to perform live query in this specific use case.

Regards.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-29-2017 02:48 PM

If you need a "Formal Answer" then post your need for a clarification in the "Post a Comment" section of the documentation page here:

http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Createandmanagedatabaselookups

0 Karma
Reply

somesoni2
Revered Legend
‎06-29-2017 08:32 AM

Try creating a new role with just this capability (and derived from 'user' role).

db_connect_read_dblookup
Reply

sylbaea
Communicator
‎06-29-2017 08:37 AM

Indeed I was planning to try what you suggest but as my concern is about data privacy/security, I am looking for a formal answer... I might miss a corner case if I just do a test by myself. I need to be 100% sure there will be no way to anything else that what is exposed by the lookup.

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...