Archive
Highlighted

Access Control for Splunk DB Connect

Path Finder

Do I get it right that after the successful setup of the Splunk DB Connect every Splunk user can access the configured databases?
This is not acceptable for almost every environment. I wonder how to implement access control at least per external database on a role basis. It would be nice, if Splunk would implement this feature. You should be able to choose the Roles which are allowed to use an external database, don't you think?

Highlighted

Re: Access Control for Splunk DB Connect

Contributor

Can't you just set the permissions for the DB Connect application itself to only allow certain roles to access it? That's what I do and only the admin role can access the Splunk DB Connect interface, views, commands.

I haven't set up lookups yet but I have set up multiple monitoring inputs that push data to different indexes. Indexes have their own permissions settings.

These seem like obvious settings so I'm concerned that I'm missing something on my end and users can access the databases. Can you tell me specifically how all users access the configured db?

Thanks,J

0 Karma
Highlighted

Re: Access Control for Splunk DB Connect

Path Finder

To limit the access for the whole application to certain roles is of course no solution. The entitlement for a specific database is user dependent. I can not name a role with access to all databases. Application wide permissions render the DB Connect useless.
I would like to grant the users e.g. R/O access to "their" databases so they can use "dbquery" and "lookup" within searches.

Highlighted

Re: Access Control for Splunk DB Connect

Champion

How many databases do you access? Another solution could be to have multiple versions of the db connect app installed but renamed for their different purposes. Of course this is a bit of a hack, plus it would break any automatic updates.

0 Karma
Highlighted

Re: Access Control for Splunk DB Connect

Path Finder

Not only do we run numerous database but I also want to implement separate entries using different users for the same database. Hereby I could use the database restrictions to adjust the capabilities for my Splunk users. I consider a separate instance for every access profile not even as workaround -- who knows about side effects and the waste of resources caused by this approach.
The DB Connect application is from 2005 and does not support a proper rights management. Do we really talk about an enterprise solution?

0 Karma
Highlighted

Re: Access Control for Splunk DB Connect

Legend

Uh, the DB connect is not from 2005, it was just released.

0 Karma
Highlighted

Re: Access Control for Splunk DB Connect

Path Finder

All files of the app state
Copyright (C) 2005-2012 Splunk Inc. All Rights Reserved.

0 Karma
Highlighted

Re: Access Control for Splunk DB Connect

Champion

Thats the generic Splunk copyright, have a scroll to the bottom of the page. I believe thats probably the year it came into existence

0 Karma
Highlighted

Re: Access Control for Splunk DB Connect

Splunk Employee
Splunk Employee

We will look into this and consider per-database entitlements a feature for an upcoming release. Thanks for raising the issue.

Highlighted

Re: Access Control for Splunk DB Connect

Explorer

any updates on this Dan?

0 Karma