Archive
Highlighted

Dashboard Access

Communicator

Hello,

 I have a user that just needs to view a particular dashboard when logging into Splunk.  I do not want him to have access to anything else, just the dashboard by default so that he can view and export panel metrics as needed.  Is it possible to lock Splunk down this tight for a user?  If so, how?
Tags (1)
0 Karma
Highlighted

Re: Dashboard Access

Influencer

Dashboard access controls can be done only for splunk roles. So you need to create a separate role for this user with some basic capabilities to access dashboard. And also map user's LDAP/SAML group name to this role in authentication.conf.

authorize.conf

[role_new_user_role]
srchIndexesAllowed = <INDEXES_THIS_ROLE_CAN_ACCESS>
export_results_is_visible = enabled
get_metadata = enabled
get_typeahead = enabled
list_inputs = enabled
rest_apps_view = enabled
rest_properties_get = enabled
search = enabled

Once role is added you can edit dashboard permissions to provide read permissions to to this role.

0 Karma
Highlighted

Re: Dashboard Access

Legend

Hi @itsmevic,
you can restrict access using the share properties, in other words, you have to create a role that has grants access only on the dashboard you want and its app and its knowledge objects (fields, tags, eventtypes, etc...) and its indexes.
Then you can define a default app for this role, in tis way, when the user accesses to Splunk he's directly redirected to the App containing the dashboard.
Obviously the dashboard must have some specs:

  • it's the default page of the dashboard,
  • it's disabled every drilldown to the search page (Open in search button).

Ciao.
Giuseppe

0 Karma
Highlighted

Re: Dashboard Access

Communicator

Thank you both for your input! Is there a way to split the points?

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.