I have this in default.meta file
access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, user ], write : [ addondev_admin, addondev_power, addondev_user, admin ]
addondev_admin
addondev_power
addondev_user
admin
can_delete
user
These are all the list of users i have in my splunk instance this may get increased drastically may get 20 to 30 users. if i want to exclude permission to one single user(for eg., addondev_user) instead of adding all. Can i do it in this .meta file?
Are they 'users' or 'roles'? It's a good practice to map users to roles and restrict access to knowledge objects [ e.g. views/yourdashboard] via roles, rather than individual users. So, yes, you can restrict it.
Thanks for your response 🙂
its roles actually. Let me elaborate my question,
this is the content in .meta file if i exclude a dashboard access for a particular role,
access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, multi1_admin, multi1_power, multi1_user, multi2_admin, multi2_power, multi2_user, power, sivaranjini_02_admin, sivaranjini_02_power, sivaranjini_02_user, sivaranjini_admin, sivaranjini_power, sivaranjini_user, splunk-system-role, user ],
write : [ addondev_admin, addondev_power, addondev_user, admin ]
in Splunk UI i have excluded only one role added remaining, So got this updated in local.meta file. But i have to do this process through python for which i need access local.meta through my script. in this case instead of including everything Can i just use something like regex to exclude one single role
No. I don't think the values for access can accept anything other than "*" OR actual roles.
Do you need to exclude access to one particular role for all the dashboards or just one dashboard? If its later, it could be easier to implement access rules only for that dashboard.
Do you really need those many roles? if your roles follow a pattern or hierarchy/inheritance, you can use the lowest role for access:read ( so any role inheriting will have access as well).