Dashboards & Visualizations

How to restrict dashboard access to one single user in default.meta file?

sivaranjiniG
Path Finder

I have this in default.meta file

access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, user ], write : [ addondev_admin, addondev_power, addondev_user, admin ]

addondev_admin
addondev_power
 addondev_user
admin
can_delete
user 

These are all the list of users i have in my splunk instance this may get increased drastically may get 20 to 30 users. if i want to exclude permission to one single user(for eg., addondev_user) instead of adding all. Can i do it in this .meta file?

0 Karma

lakshman239
SplunkTrust
SplunkTrust

Are they 'users' or 'roles'? It's a good practice to map users to roles and restrict access to knowledge objects [ e.g. views/yourdashboard] via roles, rather than individual users. So, yes, you can restrict it.

0 Karma

sivaranjiniG
Path Finder

Thanks for your response 🙂
its roles actually. Let me elaborate my question,

this is the content in .meta file if i exclude a dashboard access for a particular role,

access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, multi1_admin, multi1_power, multi1_user, multi2_admin, multi2_power, multi2_user, power, sivaranjini_02_admin, sivaranjini_02_power, sivaranjini_02_user, sivaranjini_admin, sivaranjini_power, sivaranjini_user, splunk-system-role, user ],
write : [ addondev_admin, addondev_power, addondev_user, admin ]

in Splunk UI i have excluded only one role added remaining, So got this updated in local.meta file. But i have to do this process through python for which i need access local.meta through my script. in this case instead of including everything Can i just use something like regex to exclude one single role

0 Karma

lakshman239
SplunkTrust
SplunkTrust

No. I don't think the values for access can accept anything other than "*" OR actual roles.

Do you need to exclude access to one particular role for all the dashboards or just one dashboard? If its later, it could be easier to implement access rules only for that dashboard.

Do you really need those many roles? if your roles follow a pattern or hierarchy/inheritance, you can use the lowest role for access:read ( so any role inheriting will have access as well).

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...