Dashboards & Visualizations

How to edit role permissions to prevent a dashboard or report from being deleted from a user with restricted access?

Kieffer87
Communicator

I have several roles that all inherit the power user role. Each custom role is used to restrict access to different indexes. The problem I'm running into is if user A in group A creates a dashboard or report in the search app, user B in group B can go in and delete it. We have set the permissions on the report so that no one can write (unchecked all write options) and checked read for everyone. Why is user B still able to delete user A's report?

I assume this is caused by both users inheriting the power user role but I couldn't find a specific capability listed that would allow them to delete reports/dashboards.

My search app has everyone -read and power - write which I believe would be necessary to allow users to create the objects in the first place.

randy_moore
Path Finder

@Kieffer87 - Did you ever find a solution this? I am running into the same issue

0 Karma

Kieffer87
Communicator

We ended up creating unique roles and apps and locked down write permission to that app.

0 Karma

puneethgowda
Communicator

dashboard
hideTitle = "true"
hideSplunkBar="true"
isVisible="false"
hideAppBar="true"
hideChrome="true"
hideFooter="true"
hideEdit="true" >
label>name of the lable
row>
panel>
title>name of the title

0 Karma

puneethgowda
Communicator

you can use hideEdit="true" so that user can't edit

0 Karma

Kieffer87
Communicator

Thanks for your response but I was actually referring to the entire dashboard itself which is visible by clicking the search app and then selecting the dashboard or reports tabs.

0 Karma

puneethgowda
Communicator

Use Permission option to give read only access to users to the reports and dashboards and try

0 Karma

Kieffer87
Communicator

This works for users, but doesn't keep other power users from deleting.

0 Karma

puneethgowda
Communicator

i am not understanding why power users should not edit dashboard one of the roll of power user is to edit the things if you want to restrict then you can try below option

go to manage apps find edit permission and give read only access to the app to power user

0 Karma

Kieffer87
Communicator

The issue I run into is that I have several thousand users using splunk divided into 20 some roles which allow access to only the indexes they shoudl have access to. Some of these users are allocated the power user role because they need to create dashboards for their data. The problem I run into is that any of the power users for each functional group can delete reports, searches, etc. of power users in a functional group other than their own.

I'm hoping to find a way to restrict delete to objects only created by the user or I suppose restrict delete privileges all together. The only other option I see is creating a separate search app for each functional area and setting the permissions there though this is certainly not ideal.

0 Karma

puneethgowda
Communicator

Good Kiefffer,

You are right and one more thing you must keep it in mind that user should not share their dashboard with other users and other app too

Happy SPlunking

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi Kieffer87,
probably the easiest way is to create two different roles with the same feature but different access rights to the objects: in this way B users cannot edit (or delete) A users objects.
Bye.
Giuseppe

0 Karma

Kieffer87
Communicator

This is what I'm doing. I have two roles, role A and role B. They both inherit from power. The only difference between them is the indexes that the user is allowed to access. However Users in role B can still delete knowledge objects that Users in role A created. There will also be scenarios where a user will have both roles because they need access to both indexes.

I'd like to set the permissions some how that power users can create knowledge objects and only delete objects they created.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi Kieffer87,
create both the roles without inherit from power but with the same features.
In this way you're sure to have two really different roles.
Users can have both or only one role.
Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...