Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to keep users out of Search?

DaClyde
Contributor
‎08-10-2023 07:06 AM

We would very much like to restrict certain users in our Splunk environment to the apps that have been provided to them and prevent them from reaching the Search interface.

We have established separate roles for each app, and assigned to the users to those roles, but are having some difficulty determining exactly which set of capabilities the roles require for the apps to function, but to make sure the users can't reach the search bar.

We remove the "Open in Search" option from the bottom on the dashboard panels, and we would like to remove access to the Search & Reporting app to all but the necessary roles.  We just want to be sure everything still functions for the users in their various apps.

Any guidance would be helpful.

Thanks!

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-10-2023 08:25 AM

Hi @DaClyde,

for my knowledge, the only choice is to remove the open in search option in each panle.

Even if adding "search" in the url permits to access the Search and reporting dashboard and it isn't possible to block it.

Ciao.

Giuseppe

Reply

DaClyde
Contributor
‎08-11-2023 06:59 AM

Thank you @gcusello, I was worried this might be the answer. 

As much as we can, we are leveraging the API to build dashboards into our main website and effectively replicating the dashboards in HTML, pulling the values from Splunk.  That keeps the users out of Splunk entirely and may be the direction we need to go.  

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...