We are looking into utilizing the website monitoring status page as a status page for multiple tenants. We already use a separate MFA to authenticate to the .../website_monitoring/... page, but the hope is that we can further subdivide the access so that specific tenants can only see specific monitored URLs that we want them to know about, rather than being able to see every URL that we are monitoring.
Can the users view of the monitored URLs in the website_monitoring app's status page be tied to their group and the index access they have?
Using Splunk's Role Based Access controls, you can limit a user to only a few indexes that contain the data they contain. That is considered the best approach for separating data.
In this way, you would have a separate role for each tenant, and each tenant's data would go into a separate index.
If the data is all in a single index, you may be able to use search time filters, but this is less preferred.
Thanks for the response sduff. We are utilizing splunk's RBAC for index control and access already, and do limit which indexes users have access to, can search, etc.
My question specifically pertains to the Splunk app 'Website Montoring" and the status page that is created for this app (ie. splunk.oursite.tld/en-US/app/websitemonitoring/statusoverview). We want to limit access to it in a similar fashion as with the roles we have set up for the indexes, but I have not found any documentation that spells this out or suggests this possibility. However, it seems like this should be feasible.