Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to restrict dashboard access to one single user in default.meta file?

sivaranjiniG
Communicator
‎04-23-2019 01:29 AM

I have this in default.meta file 

access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, user ], write : [ addondev_admin, addondev_power, addondev_user, admin ]

addondev_admin
addondev_power
 addondev_user
admin
can_delete
user

These are all the list of users i have in my splunk instance this may get increased drastically may get 20 to 30 users. if i want to exclude permission to one single user(for eg., addondev_user) instead of adding all. Can i do it in this .meta file?

0 Karma
Reply

lakshman239
Influencer
‎04-23-2019 01:40 AM

Are they 'users' or 'roles'? It's a good practice to map users to roles and restrict access to knowledge objects [ e.g. views/yourdashboard] via roles, rather than individual users. So, yes, you can restrict it.

0 Karma
Reply

sivaranjiniG
Communicator
‎04-23-2019 03:14 AM

Thanks for your response 🙂
its roles actually. Let me elaborate my question,

this is the content in .meta file if i exclude a dashboard access for a particular role,

access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, multi1_admin, multi1_power, multi1_user, multi2_admin, multi2_power, multi2_user, power, sivaranjini_02_admin, sivaranjini_02_power, sivaranjini_02_user, sivaranjini_admin, sivaranjini_power, sivaranjini_user, splunk-system-role, user ],
write : [ addondev_admin, addondev_power, addondev_user, admin ]

in Splunk UI i have excluded only one role added remaining, So got this updated in local.meta file. But i have to do this process through python for which i need access local.meta through my script. in this case instead of including everything Can i just use something like regex to exclude one single role

0 Karma
Reply

lakshman239
Influencer
‎04-23-2019 03:52 AM

No. I don't think the values for access can accept anything other than "*" OR actual roles.

Do you need to exclude access to one particular role for all the dashboards or just one dashboard? If its later, it could be easier to implement access rules only for that dashboard.

Do you really need those many roles? if your roles follow a pattern or hierarchy/inheritance, you can use the lowest role for access:read ( so any role inheriting will have access as well).

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...