Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After removing permission dashboard_role from "Search & Reporting", why do users get Error Message 404 trying to view a custom app (template sample app)?

nikkkc
Path Finder
‎12-29-2015 07:40 AM

I have almost the same problem as the user on the following post:
https://answers.splunk.com/answers/111356/restrict-user-to-view-only-specified-dashboards-in-one-app...

I did nearly the same steps to build a custom app (I used the template sample app). I built specific Dashboards for a "normal" User.
Everything is working perfectly as long as I leave the role for "search & reporting" in the user group, but if I remove the permission dashboard_role from "search & Reporting", user gets error message http 404.

I want to mention that I have a few apps with role permissions and they work fine. I copied all the capabilities from the standard user role. Additionally, I checked the View permissions, Settings>>User Interface. The view for search is read Everyone.

Can someone help me please,
thanks in advance

In the webservice.log, there is the following entry:

WARNING [56829eda99aa94851240] appnav:379 - An unknown view name "dashboards" is referenced in the navigation definition for "Custom_Dashboard_App".
INFO    [56829eda99aa94851240] error:129 - Masking the original 404 message: 'Splunk cannot find the  "dashboards" view.' with 'Page not found!' for security reasons
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎12-29-2015 07:56 AM

There are too many features, commands, etc that depend on the search and reporting app for you to just arbitrarily disable it for specific users. Somewhere in the documentation it mentions that ALL USERS MUST have access to the searching & reporting app, but I cant find a link to point you to.

Of course you'll find many people who have "made" this work, but I'm certain they ran into issues they havent mentioned in their threads where the "made" it work.

Here's just one issue that arises without access to search and reporting app:
https://answers.splunk.com/answers/316335/how-users-without-read-permission-on-search-app-ca.html

In short... DO NOT DISABLE THE SEARCH AND REPORTING APPLICATION FOR ANYONE.

Making it invisible also has unintended consequences because you cant just make it invisible to specific users and many of the administrative menus are in the search and reporting app. You could reverse engineer the entire app... looking over all the code to ensure you update file system paths, etc. You'll first end up with duplicate entries in your administrative menus. To fix that you'll have to remove the navigational settings from the app the users can see, but leave the commands in /bin... and then remove the commands from the admin app but leave the navigational & html / view settings etc. It can be done, but it will not be supported by splunk. You'll in effect ruin any possibility of a "seamless" upgrade path and probably not get any support from Splunk.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎12-29-2015 07:56 AM

There are too many features, commands, etc that depend on the search and reporting app for you to just arbitrarily disable it for specific users. Somewhere in the documentation it mentions that ALL USERS MUST have access to the searching & reporting app, but I cant find a link to point you to.

Of course you'll find many people who have "made" this work, but I'm certain they ran into issues they havent mentioned in their threads where the "made" it work.

Here's just one issue that arises without access to search and reporting app:
https://answers.splunk.com/answers/316335/how-users-without-read-permission-on-search-app-ca.html

In short... DO NOT DISABLE THE SEARCH AND REPORTING APPLICATION FOR ANYONE.

Making it invisible also has unintended consequences because you cant just make it invisible to specific users and many of the administrative menus are in the search and reporting app. You could reverse engineer the entire app... looking over all the code to ensure you update file system paths, etc. You'll first end up with duplicate entries in your administrative menus. To fix that you'll have to remove the navigational settings from the app the users can see, but leave the commands in /bin... and then remove the commands from the admin app but leave the navigational & html / view settings etc. It can be done, but it will not be supported by splunk. You'll in effect ruin any possibility of a "seamless" upgrade path and probably not get any support from Splunk.

Reply
Solved! Jump to solution

nikkkc
Path Finder
‎12-29-2015 11:32 PM

Ok is it possible to make it unvisible for a specific usergroup?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-06-2016 03:49 AM

It's certainly possible, but it will cause unintended consequences. If you just remove read & write access to a specific role, then users in that specific role will not see it any more. They might also have unintended difficulties such as some commands not working, menus not available etc.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...