Security

How to restrict a user from access to the default Search & Reporting application?

beonick
Engager

Hi everyone,

I want to give access to a user so he can only view the selected application, but not "Search & Reporting" and other apps. I have read all other similar questions, but they didn't solved the problem. I can restrict access to all applications except "Search & Reporting".

To restrict access, I created a new role "guest" and assigned to it all the same capabilities that "user" role has. Then I created a new user with this role selected. After that I excluded this role from Apps>ManageApps>Permissions for all apps I don't want user to see. But when I remove user read access from "Search & Reporting" app, for some reason, the dashboard in my application stops to work - it shows only empty elements with N/As.

I have a single view application where the Nav file looks like this:

<nav color="#5379AF">
  <view name="application" default='true' />
</nav>

The "application" view is located in the same application context and has read=Everyone, write=admin permissions.

Can be "Search & Reporting" application hidden somehow?

I work with Splunk Cloud, Splunk Version - 6.3.1511.2

Thank you for your help in advance!

0 Karma

mbadhusha_splun
Splunk Employee
Splunk Employee

Hi,

By default only admin and power roles have write permission in the search app. So any user with read permission will be able to access search & reporting app and will be able to create reports and dashboards and can create private knowledge objects but they will not be able to share those to others. If you remove read access for search & reporting app, then those users will not be able to see search & reporting and also settings will be hidden for them.

To force your users to use particular app you could create roles for each department, map those users via LDAP or local auth and then set the default app context to their departmental app. If that's not feasible then you have to do some user education to get people out of the search app and into their departmental app if they are going to save knowledge objects.

You could also change the default app that the user sees upon logging into splunk by role or user: Settings --> Access Controls --> Roles|Users--> select the desired role --> Select a default app from the drop-down list under Default app.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...