Security

how can i add permission or role for users using autorize.conf ?

sfatnass
Contributor

hi
i have some user need to update her own application splunk and i want to affect her the permission to update specific applications.

what's the config can edit it on autorize.conf to affect to user only update to specific project?

0 Karma

gcusello
SplunkTrust
SplunkTrust

You have to create a Splunk role for these users and then give access rights to this role to the specific apps and objects in app.
The best (and more secure!) way to do this is via GUI [Apps -- Manage Apps -- Show Objects] but it's very slow if your app has many objects (you have to manually modify one by one all of them).
in this way, you could modify (with much attention!!!) $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta giving rights access to the new role:

  • give role access rights via GUI to the first object
  • in $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta modify the row (when exists) access = read : [ * ], write : [ admin, power ] with the new role, copying the correct Access Rights from the first object you modified via GUI in every stanza (each stanza is an App object);
  • restart Splunk.

Bye.
Giuseppe

Get Updates on the Splunk Community!

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...

Introducing New Splunkbase Governance!

Splunk apps are essential for maximizing the value of your Splunk Experience. Whether you’re using the default ...

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...