Security

Need Restricted Access(Read Only) to splunk user

dishasaxena
Path Finder

I need to create a role that grants access only to the search bar and the logout button. I don’t want a user with this role to see any other dropdowns like Settings, Messages, Activity or Help.

Under the Search app, I would like only the Search icon to appear, not any other icons like Pivot, Reports, Alerts or Dashboards.

I am also restricting this user to a single index. I am trying to use only the capabilities below:

[role_readaccess]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
get_metadata = enabled
list_inputs = enabled
search = enabled
srchIndexesAllowed = tcp_syslog
srchIndexesDefault = tcp_syslog
srchMaxTime = 0

I have checked the feasibility by using local.meta but couldn't get it. Can anyone please help me with the above requirement?

I have also tried changing the permissions of Pivot from User Interface->Views->Pivot to read\write for admin only, with no read\write for everyone, in order to make Pivot inaccessible to other users, but it didn’t help.

1 Solution

dolxor
Path Finder

You can create a stanza in a .meta file to e.g. restrict access to Manager to only be allowed by admin. In ~/etc/apps/search/metadata/default.meta you find a stanza named manager;

[manager]
access = read : [ * ], write : [ admin ]
export = system

Copy this to ~/etc/apps/search/metadata/local.meta and change read : [ * ] to read : [ admin ] like this;

[manager]
access = read : [ admin ], write : [ admin ]
export = system

NB: You will then also kill a user's ability to e.g. change password etc.

Without having this tested, I would guesstimate the same approach would work for other elements in the GUI.

dishasaxena
Path Finder

To achieve the next requirement of having only selected links in the Search app, we can further edit the same file, as mentioned below:
$SPLUNK_HOME/etc/apps/search/metadata/local.meta

If we don't need Alerts and Pivots to be shown to any user other than Admin, then we can add the stanzas below:

[views/alerts]
access = read : [ admin ], write : [ admin, power ]
export = system

[views/data_models]
access = read : [ admin ], write : [ admin, power ]
export = system

0 Karma

dolxor
Path Finder

Hello. I am very sorry, but I now see there is a typo in my answer. I told you to copy the [manager] stanza from ~/etc/apps/search/metadata/local.meta. The correct answer is that you will find this stanza in ~/etc/apps/search/metadata/default.meta. I edited my answer to fix this.

Hope this clears things up 🙂

0 Karma

dishasaxena
Path Finder

Regarding the requirement on the Search application, I have found a way to remove unwanted icons by changing the XML at:
E:\Program Files\Splunk\etc\apps\search\default\data\ui\nav\default.xml
The new contents would be like:

By doing this I am able to get the required thing done, but this would become applicable to all users. I need to do the same for only a single user or role.

Regards,
Disha

0 Karma

dishasaxena
Path Finder

Hi Dolxor,

Thanks for your response. I have checked the local.meta file at $SPLUNK_HOME\etc\apps\search\metadata\local.meta but there was no predefined [manager] tag, so I created a new tag for it and wrote it in the same suggested way. I checked after restarting the Splunk services, and it is now not showing anything when any other user clicks the Settings dropdown, but it didn't serve my purpose as I am still unable to remove these items from the Navigation Menu.

NB: I am using Splunk 6.0 version.

Regards,
Disha

0 Karma
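
An added example (not part of any post in this thread, and not Splunk's own code): a Python check that overlays local.meta on default.meta, as the answers above describe, and reports which objects a given role can still read. The sample file contents, the global `[]` stanza and the object, type, global fallback order are assumptions; role inheritance is not modelled.

```python
import re
ACCESS_RE = re.compile(r"(read|write)\s*:\s*\[([^\]]*)\]")

# Constructed sample files. [manager] and [views/...] are the stanzas quoted in
# the thread; the global [] stanza is an assumed app-wide default.
DEFAULT_META = """
[]
access = read : [ * ], write : [ admin, power ]
[manager]
access = read : [ * ], write : [ admin ]
"""
LOCAL_META = """
[manager]
access = read : [ admin ], write : [ admin ]
[views/alerts]
access = read : [ admin ], write : [ admin, power ]
[views/data_models]
access = read : [ admin ], write : [ admin, power ]
"""

def parse_meta(text):
    """Parse .meta text into {stanza_name: {key: value}}."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def merge(default, local):  # local.meta overrides default.meta key by key
    merged = {name: dict(keys) for name, keys in default.items()}
    for name, keys in local.items():
        merged.setdefault(name, {}).update(keys)
    return merged

def can_read(meta, stanza, role):
    """Assumed fallback order: object stanza, then its type, then global []."""
    for name in (stanza, stanza.split("/", 1)[0], ""):
        access = meta.get(name, {}).get("access")
        if access:
            perms = dict(ACCESS_RE.findall(access))
            roles = {r.strip() for r in perms.get("read", "").split(",")}
            return "*" in roles or role in roles
    return False

def audit(default_text, local_text, role, objects):
    meta = merge(parse_meta(default_text), parse_meta(local_text))
    return {obj: can_read(meta, obj, role) for obj in objects}
```

For the sample files, `audit(DEFAULT_META, LOCAL_META, "readaccess", ["manager", "views/alerts", "views/pivot"])` reports `manager` and `views/alerts` as not readable, while `views/pivot` (an assumed view name with no stanza of its own) stays readable through the global stanza. The check covers .meta ACLs only, not the navigation XML.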