DB Connect - access restrictions to database connections not working

martin_mueller
SplunkTrust

I'm trying to set up db connections with role-based access restrictions. As an example, Splunk role A shall be able to run dbquery using database connection dbA and Splunk role B shall do the same with dbB. Neither can run queries on the other database.

According to http://docs.splunk.com/Documentation/DBX/1.1.1/DeployDBX/Setupuserpermissions#Set_up_user_access_to_... the permissions for a db connection object should provide this level of access control. However, I can't get that to work. Regardless of how restricted I set the permissions for a database connection, a non-privileged user (role B) can still access that database (dbA) through dbquery - even if that database connection is set as private rather than app- or global-shared.

Is anyone able to reproduce this or am I missing something?

0 Karma

linu1988
Champion

I had reported similar concerns.

0 Karma

sroback_splunk
Splunk Employee

Martin,

The dev team has opened a ticket on this issue and is currently investigating. Looks like it might be a bug.

araitz
Splunk Employee

Yes, the current implementation is sub-optimal, but it was too risky to try to fix that issue comprehensively.

0 Karma

martin_mueller
SplunkTrust

...

currentUser = settings['owner']
ent = en.getEntity(["dbx", "databases"], entityName=dbn, namespace="dbx", owner=currentUser, sessionKey=sessionKey)
0 Karma

martin_mueller
SplunkTrust

I see this has been addressed in 1.1.2, thanks!

However, I fear the fix may have added a new bug. See line 14 of dbquery.py:

ent = en.getEntity(["dbx", "databases"], entityName=dbn, namespace="dbx", owner="nobody", sessionKey=sessionKey)

That loads the REST endpoint using the namespace /servicesNS/nobody/dbx/..., which works well for app- or global-shared objects. Sadly this breaks privately held DB connection objects. In order to fix that, replace with these two lines (next comment):

0 Karma
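
The namespace behaviour described in the post above, as an added example that is not part of the original thread and is not DB Connect's or Splunk's code: a simplified model of `/servicesNS/<owner>/<app>/` lookups showing why `owner="nobody"` misses private connections while the current user's namespace finds them and still enforces role restrictions. The users, roles, connection names and the `visible`/`readable` helpers are hypothetical, and the sharing rules are a simplification assumed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DbConnection:            # hypothetical stand-in for a dbx/databases entity
    name: str
    owner: str
    app: str
    sharing: str               # "user" (private), "app" or "global"
    read_roles: frozenset = frozenset()

def visible(obj, ns_owner, ns_app):
    """Is obj reachable under /servicesNS/<ns_owner>/<ns_app>/ ? (assumed rule)"""
    if obj.sharing == "global":
        return True
    if obj.sharing == "app":
        return obj.app == ns_app
    return obj.app == ns_app and obj.owner == ns_owner   # private object

def readable(obj, user, roles):
    """Read ACL check for the user behind the session key (assumed rule)."""
    if obj.sharing == "user":
        return obj.owner == user
    return "*" in obj.read_roles or bool(obj.read_roles & roles)

def get_connection(store, name, ns_owner, user, roles, ns_app="dbx"):
    for obj in store:
        if obj.name == name and visible(obj, ns_owner, ns_app) and readable(obj, user, roles):
            return obj
    return None

# Constructed sample data: two role-restricted connections and one private one.
STORE = [
    DbConnection("dbA", "alice", "dbx", "app", frozenset({"role_a"})),
    DbConnection("dbB", "bob", "dbx", "app", frozenset({"role_b"})),
    DbConnection("dbPriv", "bob", "dbx", "user"),
]
USERS = {"alice": frozenset({"role_a"}), "bob": frozenset({"role_b"})}

def access_matrix(ns_owner_for):
    """Map (user, connection) -> reachable?, namespace owner chosen by ns_owner_for(user)."""
    return {(u, c.name): get_connection(STORE, c.name, ns_owner_for(u), u, r) is not None
            for u, r in USERS.items() for c in STORE}

if __name__ == "__main__":
    for label, pick in (('owner="nobody"', lambda u: "nobody"), ("owner=currentUser", lambda u: u)):
        print(label, access_matrix(pick))
```
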

linu1988
Champion

I have found something..

While doing | dboutput type=sql database=test table=minimom "update .."

Irrespective of the update success/failure it always says no modification done!!!

Is that a miss in the return statement from database query or something?

martin_mueller
SplunkTrust

Great, thanks!

0 Karma