Deployment Architecture

Splunk Enterprise multitenancy- how can I create Role-based permissions per customer?

Enissay66
Loves-to-Learn

hello,

My need is to use Splunk Entreprise to serve multiple client organizations using a single instance=> Multitenancy function use.

I have some installed Splunk Apps using only one index and they manage the data coming from multiple clients, how can I separate them on the dashboard ?  how can i create Role-based permissions per customer ?

Does Splunk Entreprise  supports natively Multitenancy function ? how can I achieve my goal ?

Bests,

Yassine.

 

0 Karma

diogofgm
SplunkTrust
SplunkTrust

If you're looking just at Splunk Enterprise (the core product), you can create an index per customer and have a role per customer to give permissions to their indexes on top of roles to give users capabilities. Then you most likely need to rework the apps dashboards to include those indexes. My suggestion would be to e.g. name the indexes something like windows_customer1, windows_customer2 and change the searches in dashboards to look for index=windows_* or create a macro that hold this and use that macro instead in the searches where you'd filter the index (this way if the indexes changes you can just change the macro instead of reworking all the searches again). If the roles are properly set you should see just the data concerning your company based on your role when opening the dashboards. 

If, on. the other hand, you are talking about the premium app Splunk Enterprise Security, as Giuseppe stated, it does not easily support multi tenancy and would likely need some Splunk PS to implement

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Enissay66,

Enterprise Security isn't a Multi Tenancy App.

I implemented it with the support of Splunk Professional Services for an italian company, but it isn't an activity that's possible to describe in one answer, it's a project with an elapsed of at least 2 months.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...