Dashboards & Visualizations

How to allow users to share their dashboard?

Builder

Users would like to share their own dashboard to a group, which capability should I add to their role?

Is it possible with version 6.2.3 or 6.5.2 ?

Thanks.

0 Karma

Communicator

Here is the solution for this question,

Solution recommended by Splunk

Yes, this is doable, I just helped someone in a similar situation. There are two ways, you can have permissions so that when someone is creating a new search they can start out creating it shareable (i.e. for the app) or the more user friendly way where they can just select the search and change owner from Private to App. To do the latter, you need to create a role that has global write access to that app, then assign this role to the appropriate users.

1.) Create a new role.

2.) As an admin user, in the Splunk Bar at the top of the web interface, select Apps -> Manage Apps . Find the app(s) you'd like to grand permission for and select "Permissions" under the Sharing column. In this list, for the app you're editing permissions, you should see your new role visible, select the checkmark for the write column to enable that role. Then try accessing with a user given that new role and they should be able to share their saved search (change ownership). Alternatively, you could just grant the user role write access to the app (but this would be open to all users, in case you only wanted some users to save searches to an app). A work around without doing anything could also be to have them edit their search and do a "Save As", where they make sure the App is selected to be shared with and save a copy of the search to make available to users. (This might require creating specialized permissions as well, shown in the links below).

If you're curious to see the settings in files to edit, they are in app metadata files. Here are a couple official links with the information above and what we discussed:

http://dev.splunk.com/view/webframework-developapps/SP-CAAAE88
http://docs.splunk.com/Documentation/Splunk/latest/Security/Addmanagementaccesstocustomroles

I hope this helps everyone, I followed the second option and it works.

Champion

To share dashboards the user must have write permissions to the app they want to share the dashboard in. Granting power user will do this, but as stated previously, it is almost certainly overkill.

Instead, I'd suggest creating an app that members of a new role (which you also need to create, and add mentioned users to) has been granted write permission on. The default.meta for this app might look like:

[]
access = read : [ * ], write : [<newrolename>]

Contributor

I read the above chain, and yes, Power User will enable users to change permissions and share their dashboards, but the problem is that it also enables way too much capability. For example, the first thing I noticed was that this user (now Power User) can also see all dashboards and indexes -- even if their role includes both Power and User.

It seems the permission model is not applying least-privileged principles...

0 Karma

Contributor

Correct. Splunk uses a most-privileged security model

Inheritance
As a rule, members of multiple roles inherit properties from the role with the broadest permissions.

https://docs.splunk.com/Documentation/Splunk/8.0.0/Security/Aboutusersandroles

0 Karma

Splunk Employee
Splunk Employee

Dashboards are shared in the context of the app they are part of. You can share a dashboard with the other users who have permission to see that app. See Configure dashboard permissions in the Dashboards and Visualizations manual.

Builder

Hello Chris, users can't choose if the dashboard is private or shared in the app when creating or editing it, which capabilities should I give them? Thanks.

0 Karma

Splunk Employee
Splunk Employee

That's odd, even with basic user permissions, people should be able to share a dashboard with another user. I am not sure of the specific capability that enables you to share a dashboard in an app. It might be admin_all_objects, which would grant more permission than you probably want.

0 Karma

Builder

According to the documentation, it may allow "access and modify any object in the system (user objects, search jobs, etc.)" which may be dangerous?

0 Karma

Splunk Employee
Splunk Employee

Yes, that is what I meant when I said "more permission than you probably want."

Someone with more thorough knowledge of capabilities than I have might be able to offer more detailed guidance.

0 Karma

Motivator

I asked this question in october last year
What permissions can I give a role that will allow users to share searches and dashboards?

I tested the answer and could see that you need to have power user as a minimum to share dashboards

Builder

Power role has these capabilities :

embedreport
rtsearch
schedule
search

so I guess embed_report is enough to allow sharing dashboards?

Thanks.

0 Karma