Security

Splunk role without permissions and capabillities can access jobs and can see the search

Explorer

Hello,

to let you understand the problem easier I'll explain quickly the requirements for my role:
- create a role which only have access to one specific dashboard which contains about 5 searches.
- The role has no permissions to any index.
- users of the roles need to be able to change their own password.

we have created a splunk role with almost no capabillities (change_own_password, list_inputs, rest_properties_get, run_collect, run_mcollect, search). The dashboard is configured within an app which grants the user read permissions, but the user is not allowed to search against the indexs. All of this stuff is already working. To keep the ability to see reports without having permissois to execute searches on the corresponding indexes, we configured on the report settigs that it is getting executed by another user.

The problem we have is that if you want to keep the ability to change its own password you need to grant the user "read" permissions for the search&reporting app. But this will also enable to navigate to "activity" -> "jobs" which gives the user the permissions to see scheduled searches and so on. When he clicks on one of those searches the user is able to see the search querys. But we want to avoid that the user is able to see the search query.

Anyone know a best way to solve this?

0 Karma