Security

Can users be restricted to only search data models?

sc0tt
Builder

I'd like to give certain user roles the ability to search data models. However, I don't want them to be able to view the data in search. Is this possible?

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

What, precisely, do you want them to be able to see?

What, precisely, do you NOT want them to be able to see?

A user role can be restricted in what it can look at. One of the easiest ways is by restricting the user's search to a particular index. If the sensitive data is not in the index and the model, then the user can't look at it.

You can also use apps to limit the precise searches that your users can perform.

On the other hand, if you want your users to be able to create ad hoc searches based on a field, but do NOT want them to be able to see that field, that's a bit more problematic.

0 Karma

fvegdom
Path Finder

In my case, I litterally want the users to only be able to search using data models, i.e. use pivot to search.
I do not want them to be able to use regular search without pivot.

I know I can restrict access to data using indexes, I already make heavy use of that method. In my organization I would like to create several classes of user, based on the capabilities rather than the data access rights of those users.

a knowledge manager user class, which corresponds with the power role
a business intelligence/it proffesional user class, which corresponds mostly with the user role
a business user class which corresponds with the role I would like to be able to only search using pivot

I got this idea from this document:
https://conf.splunk.com/session/2014/conf2014_DavidClawson_Splunk_WhatsNew.pdf 5th page/slide has a diagram.

0 Karma

fvegdom
Path Finder

I have the exact same question:
I would like to make a class of user that can only search data models, not use the regular search? Is that possible and how?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...