Dashboards & Visualizations
Highlighted

Restrict user to view only specified dashboards in one apps only

Contributor

I am trying to create a user account that can access one and only one apps and only view some dashboards within that apps. Nothing else.

What I have done so far:
1. Created a custom apps called myapps
2. published some dashboards within that apps
3. Crated a custom role called "dashboardrole"
4. Allowed the capabilities that are allowed in user role defined in the system. I am not comfortable with same privilege as user roles.
5. Created a user called dashboard
user and put this user in dashboardrole and assigned default apps to myapps
6. Allowed dashboard
user to myapps and "Search & Reporting" read permission from manage permission in apps.
7. Specified dashboards within this apps has everyone read permission

I have two questions:

  1. If I remove permission for dashboardrole from "search & Reporting", user dashboarduser cannot login. Dashboarduser gets error message http 404. Do I really have to give permission to search & reporting to the dashboarduser?
  2. What are the minimum capabilities required for the dashboard_role. I am not comfortable to giving same capabilities as user.
0 Karma
Highlighted

Re: Restrict user to view only specified dashboards in one apps only

Splunk Employee
Splunk Employee
  1. No. You're getting the error because the default app/dashboard unless otherwise specified for a user/role is the search app. You need to set the default app for your role to the one app they have access to.
  2. I don't know, what capabilities are you uncomfortable with? They of course will need search, and probably the rest_properties_get capabilities. The remainder may or may not be needed by your dashboard, I don't know. You can read about capabilities here http://docs.splunk.com/Documentation/Splunk/latest/admin/authorizeconf
0 Karma
Highlighted

Re: Restrict user to view only specified dashboards in one apps only

Contributor

Thank you for responding to my post.

My intention is to restrict the dashboard_user to anything other than exclusively permitted dashboards, not even any additional searches.

For example, simple search string for two of my panels in the dashboard

sourcetype=ciscowsasquid | eval download=sc_bytes/1024/1024 | stats sum(download) by host

eventtype=ironportproxy | eval MegaByte=scbytes/1048576 | stats max(MegaByte) by "Display Name" | sort limit=10 max(MegaByte) desc

How can I achieve this.

The default apps for the role is already "myapps" and myapps has everyone read permission.

0 Karma
Highlighted

Re: Restrict user to view only specified dashboards in one apps only

SplunkTrust
SplunkTrust

The minimum capabilities required for a dashboard user are restpropertiesget (without which they can event launch home screen) and search (every dashboard in turns runs a search, so needed).

If a user has these two capabilities and access to a default app, you can remove access to "Search and Reporting" app.[Just tested the same]

Regarding the 404 error said, either the default app is not set or the it was trying to launch "Search and Reporting" app, may be because it was on that app and logged out (this is where the permission was changed) and when logged back, it will try to take to same screen. You should see the error message for more details.

Highlighted

Re: Restrict user to view only specified dashboards in one apps only

Contributor

Thank you for your response.

OK, I have removed all the capabilities except two you mentioned. I can login as dashboarduser as long as the dashboardrole has access to "search & Reporting". The moment I take the permission out for the above role from "search & reporting", user cannot login anymore. Error message "404 not found" and "Splunk cannot find the 'dashboards' view"

I noticed that even with only two capabilities dashboard_user (when allowed access in search & reporting, without which user cannot login) was able to create a new dashboard, which I certainly do not want for this user.

0 Karma