Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to restrict a user from access to the default Search & Reporting application?

beonick
Engager
‎07-06-2016 05:16 AM

Hi everyone,

I want to give access to a user so he can only view the selected application, but not "Search & Reporting" and other apps. I have read all other similar questions, but they didn't solved the problem. I can restrict access to all applications except "Search & Reporting".

To restrict access, I created a new role "guest" and assigned to it all the same capabilities that "user" role has. Then I created a new user with this role selected. After that I excluded this role from Apps>ManageApps>Permissions for all apps I don't want user to see. But when I remove user read access from "Search & Reporting" app, for some reason, the dashboard in my application stops to work - it shows only empty elements with N/As.

I have a single view application where the Nav file looks like this:

<nav color="#5379AF">
  <view name="application" default='true' />
</nav>

The "application" view is located in the same application context and has read=Everyone, write=admin permissions.

Can be "Search & Reporting" application hidden somehow?

I work with Splunk Cloud, Splunk Version - 6.3.1511.2

Thank you for your help in advance!

0 Karma
Reply

mbadhusha_splun
Splunk Employee
Splunk Employee
‎11-15-2017 01:30 AM

Hi,

By default only admin and power roles have write permission in the search app. So any user with read permission will be able to access search & reporting app and will be able to create reports and dashboards and can create private knowledge objects but they will not be able to share those to others. If you remove read access for search & reporting app, then those users will not be able to see search & reporting and also settings will be hidden for them.

To force your users to use particular app you could create roles for each department, map those users via LDAP or local auth and then set the default app context to their departmental app. If that's not feasible then you have to do some user education to get people out of the search app and into their departmental app if they are going to save knowledge objects.

You could also change the default app that the user sees upon logging into splunk by role or user: Settings --> Access Controls --> Roles|Users--> select the desired role --> Select a default app from the drop-down list under Default app.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...