Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can i make search app invisible and make only my apps visible ??

rakesh_498115
Motivator
‎12-24-2013 10:34 AM

Hi,

I dont to give to many options / apps for my customers. So is there is a better way of hiding the search app from the App navigation menu , i have tried changing the local.meta and default.meta of search app to exculde the read and write permission for my user roles.

i.e

changed default.meta to the following

access = read [*] , write [admin,power]

to

access = read[admin,power],write[admin,power]

but this doesnt work ?? any clues pls ??

Tags (2)
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-30-2015 05:18 AM

There are too many features, commands, etc that depend on the search and reporting app for you to just arbitrarily disable it for specific users. Somewhere in the documentation it mentions that ALL USERS MUST have access to the searching & reporting app, but I cant find a link to point you to.

Of course you'll find many people who have "made" this work, but I'm certain they ran into issues they havent mentioned in their threads where the "made" it work.

Here's just one issue that arises without access to search and reporting app:
https://answers.splunk.com/answers/316335/how-users-without-read-permission-on-search-app-ca.html

In short... DO NOT DISABLE/PROHIBIT ACCESS TO THE SEARCH AND REPORTING APPLICATION FOR ANYONE.

Making it invisible also has unintended consequences because you cant just make it invisible to specific users.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-25-2013 03:10 PM

You can certainly hide the search app from roles that shouldn't use it. I've done it before, all you need to do is go into Manager -> Apps -> search app permissions and edit who isn't supposed to have read permission for search.

Note: Those roles without read permissions for search will lose access to any manager page, and several search commands. Depending on what they do within Splunk that may be a challenge.

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...