Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can i make search app invisible and make only my apps visible ??

rakesh_498115
Motivator
‎12-24-2013 10:34 AM

Hi,

I dont to give to many options / apps for my customers. So is there is a better way of hiding the search app from the App navigation menu , i have tried changing the local.meta and default.meta of search app to exculde the read and write permission for my user roles.

i.e

changed default.meta to the following

access = read [*] , write [admin,power]

to

access = read[admin,power],write[admin,power]

but this doesnt work ?? any clues pls ??

Tags (2)
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-30-2015 05:18 AM

There are too many features, commands, etc that depend on the search and reporting app for you to just arbitrarily disable it for specific users. Somewhere in the documentation it mentions that ALL USERS MUST have access to the searching & reporting app, but I cant find a link to point you to.

Of course you'll find many people who have "made" this work, but I'm certain they ran into issues they havent mentioned in their threads where the "made" it work.

Here's just one issue that arises without access to search and reporting app:
https://answers.splunk.com/answers/316335/how-users-without-read-permission-on-search-app-ca.html

In short... DO NOT DISABLE/PROHIBIT ACCESS TO THE SEARCH AND REPORTING APPLICATION FOR ANYONE.

Making it invisible also has unintended consequences because you cant just make it invisible to specific users.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-25-2013 03:10 PM

You can certainly hide the search app from roles that shouldn't use it. I've done it before, all you need to do is go into Manager -> Apps -> search app permissions and edit who isn't supposed to have read permission for search.

Note: Those roles without read permissions for search will lose access to any manager page, and several search commands. Depending on what they do within Splunk that may be a challenge.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...