Hello,
How do i provide access to a limited email address on a dashboard through the backend
What problem are you trying to solve?
Am trying to provide limited access to a dashboard and am trying to do that through the backend
Splunk does not limit access by email address - it uses role-based access controls (RBAC). You would need to create a role and make that role the only one that can access the dashboard in question. Then create a Splunk account with the subject email address and assign that account to the new role.
Another option is to make the dashboard private to the user with the subject email address.
All of that is easiest to do using the GUI. How to do it "through the backend" depends on your environment (Splunk Cloud, standalone, SHC, etc.). It also depends on what you mean by "backend" - REST API, config files, or CLI commands.
What i mean by backend is through the CLI
I'm not sure everything needed can be done from the CLI, but let's try.
Let's take the easier option of making the dashboard private to the user with the subject email address. I assume this is not a search head cluster.
1) Create the user.
splunk add user foo@bar.com -password changeme -role User
2) Locate the dashboard
find /opt/splunk/etc/apps -name <<dashboard>>.xml
This will return something like
/opt/splunk/etc/apps/<<app name>>/local/data/ui/views/mydashboard.xml
3) Create the user's private app directory.
mkdir -p /opt/splunk/etc/users/<<app name>>/local/data/ui/views
4) Move the dashboard to the private directory.
mv /opt/splunk/etc/apps/<<app name>>/local/data/ui/views/mydashboard.xml /opt/splunk/etc/user/<<app name>>/local/data/ui/views/mydashboard.xml
5) You may need to restart Splunk.
sudo systemctl splunk restart
Thank you for your response. I will check it out