How can I configure a role to only view a single app without having to review all other app configurations ? I have many apps in a shared environment and im having some issues scaling with my role management.
Anyone has some best practice to be used in this case ?
If you've access to the Search head's file system, an easy option will be make this change in the file system. The app level access permission is stored in $SPLUNK_HOME/etc/apps/APP_NAME/metadata/ folder in the default.meta OR local.meta. The default entry would say this
# Application-level permissions  access = read : [ * ], write : [ admin, power]
Change this to
# Application-level permissions  access = read : [ YourRoleForApp ], write : [ YourRoleForApp ]
Remember to restart Splunk instance for changes to take place. Since it's just 10 file update, should be easier/faster.
create a special role for this application with the name you want
(for example, user1
) and user rights.
After you have created this role, you go change the permissions on your application and you only selected the role you had just created (
as soon as you create the user who has the right to view this page, then you give him this role there and everything will be fine.
for more infomations, follow this link:
forgive my english.
Thank you for your reply. I currently do as you mentioned above but I have about 100 roles and so if i want to manage the roles I have to click on each app and select the roles that have the right to access it. It becomes a waste of time when u have 100 roles x 10 apps.... I Know its a one shot thing, but I would like to know if anyone has a solution for managing roles like that, maybe someone made an interface that allows you to see all app permissions without having to click on each app and then tick the corresponding roles ^^