Hi. We have users with a restricted role. When that user logs in, we'd like to hide/disable "Manage Apps" and "Search & Reporting" apps from the App dropdown list. Also, we'd like to hide/disable "Open in Search" option from each panel on a dashboard. Is there a way to hide/disable those? Thanks for your help!
In addition to the controls that somesoni2 mentioned, you can also hide the Manage Apps menu altogether on a dashboard. I tested this out by creating a new css file at $SPLUNK_HOME/etc/apps/mytestapp/appserver/static/hidemanageapps.css
(I had to create the appserver/static directory since it didn't exist by default). Then I added the following text into hidemanageapps.css
:
.menu-apps {display: none !important;}
In my dashboard, I added a stylesheet="hidemanageapps.css"
into the form
element and then restarted Splunk. After that, I was able to go to the page and the manage apps dropdown didn't appear. It's important to make sure that users don't have access to this, in addition to hiding the menu, as we don't want security by obscurity. The approach detailed by somesoni2 will meet that need; in my environment, I was also able to prevent users from getting access to anything undesirable by just inheriting the user role, but you can take whatever approach works the best for you (I have no doubt that there are benefits to the more detailed method).
Update: if you just want to hide the last part of the list (i.e., allow users to choose apps, but not see the manage apps part), you can use the following CSS:
.menu-apps ul {display: none;}
.menu-list {display: block !important;}
For anyone on recent Splunk versions (6.5 at least), David's solution for hiding the app drawer will no longer work as the CSS classes have changed. You can use the following selector to hide the entire app drawer:
div[data-role="left-nav"]
These will select the lower portion (Manage Apps and Find More Apps):
a[data-role="manage-apps"], a[data-role="more-apps"]
You might be interested in the hideAppBar
attribute for dashboard and tag elements in Simple XML as well (docs).
Hi,
Where do I add the hideAppBar? Can this be added to the xml in an Apps navigation menu?
Thanks
It's not in the navigation menu, it's an attribute of dashboard
and form
elements in Simple XML dashboards, they look like this:
<dashboard hideAppBar="true">
<label>...
You can also pass it in the url. Docs here.
Thanks the prompt reply.
So I can't app this on an App by App basis only on Dashboard by Dashboard?
Thanks
Not with this method. You can use dashboard.css (a file that is loaded on every dashboard in an app) and use that to hide the items from view however.
I tried this with no success. (6.3.3)
and the file hidemanageapps.css
a[data-role="manage-apps"]{display: none;}, a[data-role="more-apps"]{display: block !important;}
"Manage Apps" is still visible and results to 404.
If the file gives you a 404, then either you have not restarted splunk web or the file is in the wrong place. It obviously can't hide the elements that way.
You can check if the selector works in your splunk version (I don't have 6.3 at my hands at the moment) by using the debugging tools of your browser (typically, F12):
In addition to the controls that somesoni2 mentioned, you can also hide the Manage Apps menu altogether on a dashboard. I tested this out by creating a new css file at $SPLUNK_HOME/etc/apps/mytestapp/appserver/static/hidemanageapps.css
(I had to create the appserver/static directory since it didn't exist by default). Then I added the following text into hidemanageapps.css
:
.menu-apps {display: none !important;}
In my dashboard, I added a stylesheet="hidemanageapps.css"
into the form
element and then restarted Splunk. After that, I was able to go to the page and the manage apps dropdown didn't appear. It's important to make sure that users don't have access to this, in addition to hiding the menu, as we don't want security by obscurity. The approach detailed by somesoni2 will meet that need; in my environment, I was also able to prevent users from getting access to anything undesirable by just inheriting the user role, but you can take whatever approach works the best for you (I have no doubt that there are benefits to the more detailed method).
Update: if you just want to hide the last part of the list (i.e., allow users to choose apps, but not see the manage apps part), you can use the following CSS:
.menu-apps ul {display: none;}
.menu-list {display: block !important;}
This is an ugly hack. You modify the original Splunk application. This should be done using an app, or even better there should be a built in setting to configure this.
My suggestion would go like this
1) Create a read-only user role with following capabilities
change_own_password
get_metadata
rest_properties_get
scheduled_rtsearch
search
Assign this role to all your restricted users
This will ensure "Manage Apps" link is disabled (users will receive access denied error.
2) Ensure all apps/knowledge object should have only read permissions to this role.
3) For each custom dashboard panel (chart/table) where users are seeing "Open in search", set attribute "link.openSearch.visible" to false (default it true). See below link for more details.
http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/PanelreferenceforSimplifiedXML
somesoni2,
This is basically an all or nothing setting, correct? Where you have to make the adjustment in XML in the dashboard/chart to hide this option. You can set it up where the "open in search" is available for some users and disabled for others?
Thanks
The disable "open in search" using "link.openSearch.visible" to false, is applicable for all users, regardless of roles. (so is the css option).