Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create new role capabilities to edit dashboard permission?

bfarr
Explorer
‎08-29-2022 11:44 AM

I have 2 roles A and B - they both inherit only from "user" role.

If they create a dashboard in search they cannot edit the permissions to share the dashboard to "App" so the other role or users in the same role can see their dashboard. By default it is built and remains "private".

If I add all capabilities under "power" role (that aren't in "user") to roles A and B they still cannot edit permissions on their own dashboard to share to "app" context so the dashboard an be shared in search app.

If I add "power" to inheritance of roles A and B roles then they can edit the permissions.

What am I missing?

Labels (1)
Labels
Tags (2)
0 Karma
Reply

bfarr
Explorer
‎08-31-2022 06:24 AM

I did find out that the GUI and rest show different things:

bfarr_0-1661952166719.png

 

REST:

| rest /servicesNS/-/-/configs/conf-authorize splunk_server="local"
| search title IN (role_power role_atest)
| transpose

bfarr_1-1661952229029.png

Now the questions are which one is correct and why are they different?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-30-2022 12:12 AM

Hi

When you want to give permission make KOs shared inside app you must give write access to this app for role which you are using. This has done by meta.local or giving write permission inside manage apps GUI panel.

isoutamo_0-1661843320640.png

or in local.meta inside this app

[]
access = read : [ * ], write : [ admin, A, B ]

r. Ismo

0 Karma
Reply

bfarr
Explorer
‎08-30-2022 08:06 AM

Thank you for the reply but that is not the issue. The issue is that unless I make a new role inherit "power" it cannot edit the KO. It is not even an option.

My new role inherits user and I then added all of the missing capabilities that are in the Power role but it still will not let my new role have the option to edit permissions.

There must be some capabilities that are not exposed in RBAC and I am trying to figure out what these are.

I know some may say just inherit Power and be done.

My issue is that if Splunk is not exposing all capabilities in the GUI(edit KO permissions) than what else may I be adding to a role by inheriting Power that I am unaware of?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-30-2022 01:40 PM
Can you install this app https://splunkbase.splunk.com/app/4111/#/details and try to look what are the differences between roles. I use that successfully when need to figure out same kind of situation with SH and SHC where same role works differently between those.
You could start with those dashboards and then modify those queries to drill down when/if needed.
0 Karma
Reply

bfarr
Explorer
‎08-30-2022 05:07 PM

Thank you for the thought. I actually copied that exact settings from default/authorize.conf for the power role and put it in my role in local/authorize.conf.

I then compared the 2 roles with the following:

  • GUI
  • btool
    • /opt/splunk/bin/splunk btool authorize list role_power --debug
      /opt/splunk/bin/splunk btool authorize list role_atest --debug
  • rest command

    • | rest /services/authorization/roles

      | search title IN (power atest)

      | transpose

Using all three of these methods of validation the only difference between the roles is the name. Other than that they are exactly the same.

 

There appears to be something built into the power role that is not exposed under the capabilities settings.

If I copy over all of the same settings(capabilities) to my new role I cannot edit KO permissions. If I inherit the power role in my new role I can.

 

Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-30-2022 11:12 PM

FYI: As there can be some inheritances between roles etc. I have noticed that those couple of rest queries without recursion are not enough to get all detail information out of those. In my case I have roles which seems to be exactly same with those rest + btool + diff, but after I play some time with that above app I found some differences which are reason for weird behaviour.

0 Karma
Reply

bfarr
Explorer
‎08-30-2022 08:08 AM

I should be very specific and state that it is not an option to edit the permissions on the KO, not that I can't edit the KO itself.

Also, this is a KO (dashboard) created by myself in the role so I own it but still cannot edit permissions unless I inherit Power in the new role I created.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...