Is my setup for authentication and access control on data within different indexes and same dashboard appropriate?

anantdeshpande
Path Finder

Current setup:
1. We have created a dashboard having 10 different indexes. Each index holds the data for one single country.
2. There are 10 different Splunk roles which are mapped one to one with 10 indexes.
3. Authentication of users is done via LDAP group. 10 LDAP groups are mapped one to one with 10 Splunk roles.
4. Within the Splunk dashboard query, users have a drop-down menu to select the country.

The mapping below is just for reference:

1 INDEX_INDIA -> INDIA_SPLUNK_ROLE -> INDIA_SPLUNK_USERS
2 INDEX_CHINA -> CHINA_SPLUNK_ROLE -> CHINA_SPLUNK_USERS
3 INDEX_SINGAPORE -> SINGAPORE_SPLUNK_ROLE -> SING_SPLUNK_USERS
. .
10 INDEX_JAPAN -> JAPAN_SPLUNK_ROLE -> JAPAN_SPLUNK_USERS

As per regulatory requirement, users from one country should not have access to the data of another country. Our application security team wants confirmation on the concerns below:
1) Does the above setup guarantee that if an INDIA user selects CHINA or any other country from the drop-down menu, the query will run but there will be no output on the dashboard?
2) If a user modifies the URL in the browser to point to another country to which he does not have access, will Splunk skip role mapping and display output on the dashboard?

Please suggest any better access control model considering the above-mentioned setup.

0 Karma

ddrillic
Ultra Champion

Absolutely, since all your mappings are 1 to 1, it's as simple as it gets and as clear as possible.
index <-> role <-> ldap group

However, a role is associated with a set of indexes and only one app. So, I don't understand how it can be done...

So, you ask for -
index <-> role <-> ldap group and 1:N with the app

If we look at the interface, we see the association of the app to the role as 1:1 -

0 Karma

anantdeshpande
Path Finder

Association is 1:1 only.
There are 10 different LDAP groups. 10 different Splunk roles. And 10 different Indexes.

All are mapped one to one.

0 Karma

ddrillic
Ultra Champion

Right right - we can map multiple roles to the same app, as we do with the power user (to the same app as the regular user). Meaning roles to app is N:1. So, all should be just fine with your design ; -)

0 Karma
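
A check the application security team could run against the index <-> role <-> LDAP group design discussed in this thread, as an added example that is not part of the original posts: in Splunk a role's searchable indexes are its own `srchIndexesAllowed` patterns plus everything inherited through `importRoles`, so a country role that imports a broad role (or uses a wildcard) can reach more than one country index. The `authorize.conf` content, role names and index names below are constructed for illustration.

```python
import configparser
import fnmatch
# Constructed authorize.conf sample; role and index names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
srchIndexesAllowed = *

[role_india_splunk_role]
srchIndexesAllowed = index_india

[role_china_splunk_role]
importRoles = user
srchIndexesAllowed = index_china
"""
COUNTRY_INDEXES = ["index_india", "index_china", "index_japan"]

def parse_roles(text):
    # Map each [role_<name>] stanza to its own index patterns and imported roles.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    def values(section, key):  # both settings are semicolon-separated lists
        return [v.strip() for v in cp.get(section, key, fallback="").split(";") if v.strip()]
    return {s[len("role_"):]: {"allowed": values(s, "srchIndexesAllowed"),
                               "imports": values(s, "importRoles")}
            for s in cp.sections() if s.startswith("role_")}

def effective_patterns(roles, name, seen=None):
    # Own srchIndexesAllowed patterns plus those inherited through importRoles.
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    patterns = set(roles[name]["allowed"])
    for parent in roles[name]["imports"]:
        patterns |= effective_patterns(roles, parent, seen)
    return patterns

def audit(text, country_indexes):
    # Flag roles whose effective patterns match more than one country index.
    roles, findings = parse_roles(text), {}
    for role in roles:
        pats = effective_patterns(roles, role)
        hits = sorted(i for i in country_indexes if any(fnmatch.fnmatchcase(i, p) for p in pats))
        if len(hits) > 1:
            findings[role] = hits
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_AUTHORIZE_CONF, COUNTRY_INDEXES))
```

An empty result means no role in the file can search more than one of the listed country indexes; users who belong to several LDAP groups still get the union of the mapped roles, which this check does not cover.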