Security

How to allow users to change roles without seeing all other roles?

klim
Path Finder

I have an app where users of different roles want to share their dashboards and reports with each other. However, if I allow them to, they would be able to share their objects with everyone or all users.

Is there a way to limit them to the option of sharing it just with their own role?

Alternatively, I was thinking of using a custom command that has admin credentials to change the permissions, but that would require hardcoding admin creds in the command. Is there a better way to store the admin credentials? I know I can't encrypt the passwords in storage/passwords because then I would need to allow the user to have that capability.

0 Karma

VatsalJagani
SplunkTrust

@klim - I don't see any direct way to do it. But I can suggest one programmatic way to do it.

  • Create a custom command:
    • Write a Python script that retrieves all the reports/dashboards for which you want to change permissions.
    • Then change the permissions.
    • Then share the report/dashboard with the right people (all programmatically with this Python script).
  • Write a scheduled search that runs this custom command and does the job you need to do.

I hope this helps!!! Upvote if it does!!!

0 Karma

klim
Path Finder

That was what I was thinking. The only thing is that users decide when to share an object, so the user would need to initiate the custom command.

The only concern I have is putting the credentials in the command. However, I could just make a role that only has the admin_all_objects capability, turn on token authentication, and not allow the role any access to any indexes, to add some extra layers of restrictions in case the users could obtain the credentials somehow.

Is there a way that I can limit what API commands a role runs?

0 Karma

VatsalJagani
SplunkTrust

@klim - If you are running the custom command (savedsearch) on a scheduled basis, then the permission the custom command will have is the same as the permission of the user that scheduled the savedsearch.

I hope this helps!!!

0 Karma
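
The sharing step discussed in this thread, narrowed to the original requirement (share only with roles the requesting user already holds), as an added example that is not code from any poster here. It assumes Splunk's REST ACL endpoints for saved searches and views and token (Bearer) authentication; the function names and the `SPLUNK_TOKEN` environment variable are hypothetical, and how the command learns the requester's roles is left to the caller.

```python
import json
import os
import ssl
import urllib.parse
import urllib.request

# REST collections for the two object types discussed in the thread.
ENDPOINTS = {"report": "saved/searches", "dashboard": "data/ui/views"}


def build_acl_request(base_url, app, owner, kind, name, requester_roles, target_roles):
    """Return (url, form_body) that shares one object with target_roles only.

    Raises PermissionError if a target role is not held by the requester,
    which also rejects the '*' (everyone) wildcard.
    """
    targets = sorted(set(target_roles))
    if not targets:
        raise ValueError("at least one target role is required")
    not_held = [r for r in targets if r not in set(requester_roles)]
    if not_held:
        raise PermissionError(f"requester does not hold: {', '.join(not_held)}")
    ns = "/".join(urllib.parse.quote(p, safe="") for p in (owner, app))
    url = (f"{base_url.rstrip('/')}/servicesNS/{ns}/{ENDPOINTS[kind]}/"
           f"{urllib.parse.quote(name, safe='')}/acl")
    body = urllib.parse.urlencode({
        "sharing": "app",                  # app-level sharing, not global
        "owner": owner,                    # keep the original owner
        "perms.read": ",".join(targets),   # read access for these roles only
        "output_mode": "json",
    })
    return url, body


def apply_acl(url, body, token=None):
    """POST the ACL change; the token comes from the environment, not the source."""
    token = token or os.environ["SPLUNK_TOKEN"]  # assumed variable name
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return json.load(resp)
```

The role check runs before any request is built, so a user-initiated call cannot widen sharing beyond the caller's own roles even though the token behind `apply_acl` belongs to a more privileged account.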