
How to restrict dashboard access to one single user in default.meta file?

Path Finder

I have this in the default.meta file:

access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, user ], write : [ addondev_admin, addondev_power, addondev_user, admin ]

addondev_admin
addondev_power
addondev_user
admin
can_delete
user

This is the full list of users I have in my Splunk instance. It may increase drastically, possibly to 20 to 30 users. If I want to exclude permission for one single user (e.g., addondev_user) instead of adding all, can I do it in this .meta file?

0 Karma

Re: How to restrict dashboard access to one single user in default.meta file?

SplunkTrust

Are they 'users' or 'roles'? It's good practice to map users to roles and restrict access to knowledge objects [e.g. views/yourdashboard] via roles, rather than individual users. So, yes, you can restrict it.

0 Karma

Re: How to restrict dashboard access to one single user in default.meta file?

Path Finder

Thanks for your response 🙂
It's roles, actually. Let me elaborate on my question.

This is the content in the .meta file if I exclude dashboard access for a particular role:

access = read : [ addondev_admin, addondev_power, addondev_user, admin, can_delete, multi1admin, multi1power, multi1user, multi2admin, multi2power, multi2user, power, sivaranjini02admin, sivaranjini02power, sivaranjini02user, sivaranjiniadmin, sivaranjinipower, sivaranjiniuser, splunk-system-role, user ], write : [ addondev_admin, addondev_power, addondev_user, admin ]

In the Splunk UI I excluded only one role and added the remaining ones, so this got updated in the local.meta file. But I have to do this process through Python, for which I need to access local.meta through my script. In this case, instead of including everything, can I just use something like a regex to exclude one single role?

0 Karma

Re: How to restrict dashboard access to one single user in default.meta file?

SplunkTrust

No. I don't think the values for access can accept anything other than "*" OR actual roles.

Do you need to exclude access to one particular role for all the dashboards or just one dashboard? If it's the latter, it could be easier to implement access rules only for that dashboard.

Do you really need that many roles? If your roles follow a pattern or hierarchy/inheritance, you can use the lowest role for access:read (so any role inheriting will have access as well).

0 Karma
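
Since the access list takes only "*" or explicit role names, scripting the exclusion means rewriting the list with every remaining role named. The sketch below is an added example, not code from any poster in this thread; it assumes the caller supplies the .meta text and the full role list (`all_roles`), and it uses the `views/yourdashboard` stanza name from the reply above.

```python
import re

# Matches the "read : [ a, b ]" and "write : [ * ]" parts of an access value.
ACCESS_PART = re.compile(r"(read|write)\s*:\s*\[([^\]]*)\]")

def parse_access(value):
    """Return {'read': [...], 'write': [...]} from an access value."""
    return {kind: [r.strip() for r in roles.split(",") if r.strip()]
            for kind, roles in ACCESS_PART.findall(value)}

def format_access(perms):
    return ", ".join(f"{kind} : [ {', '.join(perms[kind])} ]"
                     for kind in ("read", "write") if kind in perms)

def exclude_role(meta_text, stanza, role, all_roles):
    """Rewrite the access line of [stanza] so `role` loses read and write.

    "*" is expanded to all_roles first, because the access list has no
    negation syntax: the result has to name every remaining role.
    """
    out, current, changed = [], None, False
    for line in meta_text.splitlines():
        header = re.match(r"\s*\[(.*)\]\s*$", line)
        if header:
            current = header.group(1)
        elif current == stanza and re.match(r"\s*access\s*=", line):
            perms = parse_access(line.split("=", 1)[1])
            for kind, roles in perms.items():
                expanded = sorted(all_roles) if "*" in roles else roles
                perms[kind] = [r for r in expanded if r != role]
            line, changed = "access = " + format_access(perms), True
        out.append(line)
    if not changed:
        raise KeyError(f"no access line found in [{stanza}]")
    return "\n".join(out) + "\n"

# Constructed sample input, using role names from the question.
SAMPLE_META = """[]
access = read : [ * ], write : [ admin ]

[views/yourdashboard]
access = read : [ * ], write : [ addondev_admin, addondev_power, addondev_user, admin ]
"""
ALL_ROLES = ["addondev_admin", "addondev_power", "addondev_user",
             "admin", "can_delete", "user"]

if __name__ == "__main__":
    print(exclude_role(SAMPLE_META, "views/yourdashboard", "addondev_user", ALL_ROLES))
```

Permissions are additive across roles, so a user who also holds, or inherits from, any role still in the list keeps access to the dashboard.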