Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Distributed Management Console read only user

cafissimo
Communicator
‎06-07-2018 02:23 AM

Hello,
please I would like to know if and how is possible to define/create a user that has only the capability to navigate through the Splunk Distributed Management Console, without the possibility to make any changes.
The user should not be able to do anything else, other than viewing DMC dashboards: he should be like a "read only" admin.

Thanks in advance and kind regards.

0 Karma
Reply

joebisesi
Path Finder
‎06-07-2018 07:10 AM

You can create a new role and via default.meta give that role read access. But for any of the dashboards to populate that role will also need multiple capabilities, including search. That role will also need access to specific indexes. Which, by your request, will not accomplish what you want. I'm sure there would be a way of recreating the DMC dashboards in a custom made app, that would remove any navigation capabilities outside of the dashboards you want the user to see. I have a feeling that may be way more effort than its worth to do that.

The short version is, I don't know a quick solution or even a moderately easy solution. Keep in mind the DMC accesses a lot of data from many sources. Keep in mind for any search to work the user has to have access to search in addition to the indexes that hold the data.

0 Karma
Reply

laurencmcminn
New Member
‎06-07-2018 06:37 AM

Have you tried using roles to define exactly what the users can do and then grouping them into those roles?
There is more information here about user role capabilities. You should be able to limit what they can do to only allow them to view the DMC dashboards and do nothing else. You can even set the search jobs limit so that they cannot search otherwise.

I hope this helps!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...