Security

How to allow users to change roles without seeing all other roles?

klim
Path Finder

I have an app where users of different roles want to share their dashboards and reports with each other. However, if I allow them to, they would be able to share their objects with everyone or all users.

Is there a way to limit them to the option of sharing it just with their own role?

Alternatively, I was thinking of using a custom command that has admin credentials to change the permissions, but that would require hardcoding admin creds in the command. Is there a better way to store the admin credentials? I know I can't encrypt the passwords in storage/passwords because then I would need to allow the user to have that capability.

0 Karma

VatsalJagani
SplunkTrust

@klim - I don't see any direct way to do it. But I can suggest one programmatic way to do it.

  • Create a custom command:
    • Write a Python script that retrieves all the reports/dashboards for which you want to change permissions.
    • Then change the permissions.
    • Then share the report/dashboard with the right people (all programmatically with this Python script).
  • Write a scheduled search that runs this custom command and does the job you need to do.

I hope this helps!!! Upvote if it does!!!

0 Karma
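The check such a custom command would need before it changes permissions, as an added example (not code from this thread or from Splunk): the ACL request is only built when every target role is one the requesting user already holds. The `acl` endpoint paths and the `sharing`, `owner` and `perms.read` parameters belong to Splunk's REST API; the function name, the `ShareDenied` exception and the sample host, user and role names are assumptions for illustration.

```python
from urllib.parse import quote, urlencode

# REST collections for the two object types discussed in the thread.
ACL_PATHS = {"report": "saved/searches", "dashboard": "data/ui/views"}


class ShareDenied(Exception):
    """The share request reaches beyond the requesting user's own roles."""


def build_acl_request(base_url, obj_type, app, owner, name,
                      user_roles, target_roles):
    """Return (url, form_body) for the ACL POST, or raise ShareDenied.

    user_roles: roles of the user who asked for the share. The command must
    look these up server-side and never accept them as a user argument.
    target_roles: roles the user wants to give read access to.
    """
    if obj_type not in ACL_PATHS:
        raise ShareDenied(f"unsupported object type: {obj_type!r}")
    targets = sorted({r.strip() for r in target_roles if r.strip()})
    if not targets:
        raise ShareDenied("no target role given")
    held = set(user_roles)
    # "*" stands for every role, which is exactly what must stay blocked.
    not_held = [r for r in targets if r == "*" or r not in held]
    if not_held:
        raise ShareDenied(f"not a role of the requesting user: {not_held}")
    url = "{}/servicesNS/{}/{}/{}/{}/acl".format(
        base_url.rstrip("/"), quote(owner, safe=""), quote(app, safe=""),
        ACL_PATHS[obj_type], quote(name, safe=""))
    body = urlencode({
        "sharing": "app",                 # app-level sharing, not global
        "owner": owner,                   # ownership stays with the sharer
        "perms.read": ",".join(targets),  # read-only; no perms.write is sent
    })
    return url, body


if __name__ == "__main__":
    # Constructed sample values: host, user, roles and dashboard name.
    print(build_acl_request("https://splunk.example:8089", "dashboard",
                            "search", "alice", "ops overview",
                            ["power", "soc_analyst"], ["soc_analyst"]))
```

The privileged account then only ever sends requests that passed this check, so an attempt to share with `*` or with a role the user does not hold is refused before any REST call is made.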

klim
Path Finder

That was what I was thinking. The only thing is that users decide when to share an object, so the user would need to initiate the custom command.

The only concern I have is putting the credentials in the command. However, I could just make a role that only has the admin_all_objects capability, turn on token authentication, and not allow the role any access to any indexes, to add some extra layers of restrictions in case the users could obtain the credentials somehow.

Is there a way that I can limit what API commands a role runs?

0 Karma

VatsalJagani
SplunkTrust

@klim - if you are running the custom command (savedsearch) on a scheduled basis, then the permission the custom command will have is the same as the permission of the user that scheduled the savedsearch.

I hope this helps!!!

0 Karma