All Apps and Add-ons

Splunk DB Connect access control not working as expected with dbxquery command

alhoctamis
Explorer

Hello there,

I am trying to implement some access control with DB Connect.

I want to do something basic like:

- users from role_a can only query db_a
- users from role_b can only query db_b

So I have meta files below:

default.meta:

 

 

[]
access = read [ admin , role_a, role_b ]

 

 

local.meta:

 

 

[db_connections/db_a]
access = read [ role_a ]

[identities/db_a]
access = read [ role_a ]

[db_connections/db_b]
access = read [ role_b ]

[identities/db_b]
access = read [ role_b ]

 

 

As a result, when logged in as a user from role_a, as expected, I cannot see db_b connection/identity.

However, I am still able to retrieve data from db_b using dbxquery:

 

 

| dbxquery "select ..." connection=db_b

 

 

It will still work despite not having read access to db_b connection/identity objects.

Is there an additional metadata entry to limit dbxquery access to specified connections/identities, or dbxquery command does not take care of object permissions at all?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...