Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Restrict Export of Sensitive Data

IRHM73
Motivator
‎04-13-2017 05:10 AM

Hi, I wonder whether someone could help me please.

The Splunk environment I administer contains sensitive personal data which only those with the relevant clearance can view.

To add an extra line of security, my security team have asked me to remove the 'export' function so these personal details can't be downloaded, that is, until the relevant clearance is provided.

I can make the changes via the 'authorize.conf' file to the user role, setting the 'export_is_visible' in the 'Parent' role to disabled and then a 'child' role which enables the capability.

The problem I have is:

  • I want to restrict this via app, rather than a 'global ' restriction, because in addition to apps with dashboards containing sensitive data, they have access to apps with dashboards which have pure statistical data.
  • In addition, I can't change the role associated with the app, because if I change this, everyone who can just view the statistical dashboards and hence can download the data will also be affected.

Could someone tell me please is there another way to achieve this?

Many thanks and kind regards

Chris

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

brreeves_splunk
Splunk Employee
Splunk Employee
‎04-13-2017 06:15 AM

@IRHM73, apps are deployed to machines, not to people. I don't think you'll be able to do what you're trying to do unless you want to give access to a specific machine once clearance is given.

Global Roles are the best way to achieve this.

View solution in original post

Reply
Solved! Jump to solution
Solution

brreeves_splunk
Splunk Employee
Splunk Employee
‎04-13-2017 06:15 AM

@IRHM73, apps are deployed to machines, not to people. I don't think you'll be able to do what you're trying to do unless you want to give access to a specific machine once clearance is given.

Global Roles are the best way to achieve this.

Reply
Solved! Jump to solution

IRHM73
Motivator
‎04-13-2017 06:30 AM

Hi @brreeves, thank you for the confirmation.

Regards

Chris

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...