- Community
- :
- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- How to Display whether a user has access to an ind...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
We are using a dashboard that displays all the indexes and information about those indexes. I would like to have an additional column. The current search uses this:
| inputlookup name_of_the_lookup
| search index=* (index=***)
| sort by index
| table index, field_A, field_B, field_C, field_D, field_E, field_F, field_G, field_H, field_I, field_J, field_K
What I want to have is an additional column named 'Access', that says whether it's true or false if the user currently watching that Dashboard has access to that Index. Is there a search that would do this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @SevenDos,
using this search you can see all information about an index:
| rest /services/data/indexes count=0
| table title eai:acl.perms.read eai:acl.perms.writethan you have to correlate these information with the present user
| rest /services/authentication/current-context
| table username rolesAt the end, you should have something like this:
| rest /services/data/indexes count=0 | table title eai:acl.perms.read eai:acl.perms.write
| rename eai:acl.perms.write AS roles
| mvexpand roles
| join roles [ | rest /services/authentication/current-context
| mvexpand roles
| table username roles ]I didn't displayed all the fields, you can add the fields you need.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @SevenDos,
using this search you can see all information about an index:
| rest /services/data/indexes count=0
| table title eai:acl.perms.read eai:acl.perms.writethan you have to correlate these information with the present user
| rest /services/authentication/current-context
| table username rolesAt the end, you should have something like this:
| rest /services/data/indexes count=0 | table title eai:acl.perms.read eai:acl.perms.write
| rename eai:acl.perms.write AS roles
| mvexpand roles
| join roles [ | rest /services/authentication/current-context
| mvexpand roles
| table username roles ]I didn't displayed all the fields, you can add the fields you need.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah great, so I could do:
| rest /services/data/indexes count=0 | table title eai:acl.perms.write
| rename eai:acl.perms.write AS Access title as index
| mvexpand Access
| join roles [ | rest /services/authentication/current-context
| mvexpand roles
| table Access ]
| eval Access=if(like(Access, "admin"), "true", "false")
| dedup index?
There's No Place Like Chrome and the Splunk Platform
The Great Resilience Quest: 5th Leaderboard Update
Devesh Logendran, Splunk, and the Singapore Cyber Conquest
