Per our environment we would like to provide access to certain entities within our control access to our splunk environment. Specific dashboards, searches and access has been permitted. So far the system is pretty well locked down however the user is still able to view the activity/jobs in the top right corner. Is there any way to lock the access down further so the users/role can not access that report/list?
job_management.xml is one of three system views that are still located in
$SPLUNK_HOME/etc/system/default/data/ui/views/ and therefore you must set the permission inside of
$SPLUNK_HOME/etc/system/metadata/local.meta. Add this to the end of the file:
[views/job_management] access = read : [ admin ], write : [ admin ] export = system owner = admin
This will allow all users in the
admin group to be able to use the view, where users of the
user group are not able to open the view (They still can see it in the drop down!) - they will get this error:
Another option would be to clone the view into a different app and set the permission within this app, but this way you would miss any future update to this view.
Hope this helps ...
Actually you have to adapt the local.meta from the search app. It has been tested with 8.0.3
1. edit local.meta
2. add the following line:
[views/job_manager] access = read : [ admin ], write : [ admin ] export = system owner = admin
@MuS I cloned the view from $SPLUNK_HOME/etc/system/default/data/ui/views/ into this location in my app "etc/apps/myapp/local/data/ui/views and then I set the permissions in etc/apps/myapp/metadata in the local.meta file
And then I restarted my Splunk
But my users can still access the Jobs page- am I doing something wrong in my config files?
That sounds like a config precedence problem, because everything in
etc/system/local will overwrite your settings. Check settings in
BTW, what happens if you do it the way I mentioned above and change it in
etc/system/local instead a separate app?
Hi @MuS I don't want to change it for everybody- I just want to change it for a specific app (everyone in that app has the same role)- can I do that?
And I didn't change anything in etc/system/local- there is nothing that talks about this view job_management.xml in my local.meta file in etc/system/metadata
Anything else I should try?