Dashboards & Visualizations

How to create new role capabilities to edit dashboard permission?

bfarr
Loves-to-Learn

I have 2 roles A and B - they both inherit only from "user" role.

If they create a dashboard in search they cannot edit the permissions to share the dashboard to "App" so the other role or users in the same role can see their dashboard. By default it is built and remains "private".

If I add all capabilities under "power" role (that aren't in "user") to roles A and B they still cannot edit permissions on their own dashboard to share to "app" context so the dashboard an be shared in search app.

If I add "power" to inheritance of roles A and B roles then they can edit the permissions.

What am I missing?

Labels (1)
Tags (2)
0 Karma

bfarr
Loves-to-Learn

I did find out that the GUI and rest show different things:

bfarr_0-1661952166719.png

 

REST:

| rest /servicesNS/-/-/configs/conf-authorize splunk_server="local"
| search title IN (role_power role_atest)
| transpose

bfarr_1-1661952229029.png

Now the questions are which one is correct and why are they different?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

When you want to give permission make KOs shared inside app you must give write access to this app for role which you are using. This has done by meta.local or giving write permission inside manage apps GUI panel.

isoutamo_0-1661843320640.png

or in local.meta inside this app

[]
access = read : [ * ], write : [ admin, A, B ]

r. Ismo

0 Karma

bfarr
Loves-to-Learn

Thank you for the reply but that is not the issue. The issue is that unless I make a new role inherit "power" it cannot edit the KO. It is not even an option.

My new role inherits user and I then added all of the missing capabilities that are in the Power role but it still will not let my new role have the option to edit permissions.

There must be some capabilities that are not exposed in RBAC and I am trying to figure out what these are.

I know some may say just inherit Power and be done.

My issue is that if Splunk is not exposing all capabilities in the GUI(edit KO permissions) than what else may I be adding to a role by inheriting Power that I am unaware of?

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Can you install this app https://splunkbase.splunk.com/app/4111/#/details and try to look what are the differences between roles. I use that successfully when need to figure out same kind of situation with SH and SHC where same role works differently between those.
You could start with those dashboards and then modify those queries to drill down when/if needed.
0 Karma

bfarr
Loves-to-Learn

Thank you for the thought. I actually copied that exact settings from default/authorize.conf for the power role and put it in my role in local/authorize.conf.

I then compared the 2 roles with the following:

  • GUI
  • btool
    • /opt/splunk/bin/splunk btool authorize list role_power --debug
      /opt/splunk/bin/splunk btool authorize list role_atest --debug
  • rest command
    • | rest /services/authorization/roles

      | search title IN (power atest)

      | transpose

Using all three of these methods of validation the only difference between the roles is the name. Other than that they are exactly the same.

 

There appears to be something built into the power role that is not exposed under the capabilities settings.

If I copy over all of the same settings(capabilities) to my new role I cannot edit KO permissions. If I inherit the power role in my new role I can.

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

FYI: As there can be some inheritances between roles etc. I have noticed that those couple of rest queries without recursion are not enough to get all detail information out of those. In my case I have roles which seems to be exactly same with those rest + btool + diff, but after I play some time with that above app I found some differences which are reason for weird behaviour.

0 Karma

bfarr
Loves-to-Learn

I should be very specific and state that it is not an option to edit the permissions on the KO, not that I can't edit the KO itself.

Also, this is a KO (dashboard) created by myself in the role so I own it but still cannot edit permissions unless I inherit Power in the new role I created.

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...