Dashboards & Visualizations

Is there any way to restrict users/roles from accessing the activity - jobs list on the top right corner of the dashboard?

Explorer

Hello,

Per our environment we would like to provide access to certain entities within our control access to our splunk environment. Specific dashboards, searches and access has been permitted. So far the system is pretty well locked down however the user is still able to view the activity/jobs in the top right corner. Is there any way to lock the access down further so the users/role can not access that report/list?

Thank you,
Justin

0 Karma

SplunkTrust
SplunkTrust

Hi jstaley,

This view job_management.xml is one of three system views that are still located in $SPLUNK_HOME/etc/system/default/data/ui/views/ and therefore you must set the permission inside of $SPLUNK_HOME/etc/system/metadata/local.meta. Add this to the end of the file:

[views/job_management]
access = read : [ admin ], write : [ admin ]
export = system
owner = admin

This will allow all users in the admin group to be able to use the view, where users of the user group are not able to open the view (They still can see it in the drop down!) - they will get this error:

alt text

Another option would be to clone the view into a different app and set the permission within this app, but this way you would miss any future update to this view.

Hope this helps ...

cheers, MuS

0 Karma

Communicator

Actually you have to adapt the local.meta from the search app. It has been tested with 8.0.3

1. edit local.meta

vi /opt/splunk/etc/apps/search/metadata/local.meta

2. add the following line:

[views/job_manager]
access = read : [ admin ], write : [ admin ]
export = system
owner = admin

 

Path Finder

@MuS I cloned the view from $SPLUNK_HOME/etc/system/default/data/ui/views/ into this location in my app "etc/apps/myapp/local/data/ui/views and then I set the permissions in etc/apps/myapp/metadata in the local.meta file

And then I restarted my Splunk

But my users can still access the Jobs page- am I doing something wrong in my config files?

0 Karma

SplunkTrust
SplunkTrust

That sounds like a config precedence problem, because everything in etc/system/local will overwrite your settings. Check settings in etc/system/local/metadata.

BTW, what happens if you do it the way I mentioned above and change it in etc/system/local instead a separate app?

cheers, MuS

0 Karma

Path Finder

Hi @MuS I don't want to change it for everybody- I just want to change it for a specific app (everyone in that app has the same role)- can I do that?

And I didn't change anything in etc/system/local- there is nothing that talks about this view job_management.xml in my local.meta file in etc/system/metadata

Anything else I should try?

0 Karma

Contributor

Are the users able to view the jobs/activity page or just see the menu dropdown in the right corner? so when they click on it does it take them to the jobs page?

0 Karma

Builder

I would like to ask the same question.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!