Security

How to keep users out of Search?

DaClyde
Contributor

We would very much like to restrict certain users in our Splunk environment to the apps that have been provided to them and prevent them from reaching the Search interface.

We have established separate roles for each app, and assigned to the users to those roles, but are having some difficulty determining exactly which set of capabilities the roles require for the apps to function, but to make sure the users can't reach the search bar.

We remove the "Open in Search" option from the bottom on the dashboard panels, and we would like to remove access to the Search & Reporting app to all but the necessary roles.  We just want to be sure everything still functions for the users in their various apps.

Any guidance would be helpful.

Thanks!

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @DaClyde,

for my knowledge, the only choice is to remove the open in search option in each panle.

Even if adding "search" in the url permits to access the Search and reporting dashboard and it isn't possible to block it.

Ciao.

Giuseppe

DaClyde
Contributor

Thank you @gcusello, I was worried this might be the answer. 

As much as we can, we are leveraging the API to build dashboards into our main website and effectively replicating the dashboards in HTML, pulling the values from Splunk.  That keeps the users out of Splunk entirely and may be the direction we need to go.  

 

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...