Security

how can i add permission or role for users using autorize.conf ?

sfatnass
Contributor

hi
i have some user need to update her own application splunk and i want to affect her the permission to update specific applications.

what's the config can edit it on autorize.conf to affect to user only update to specific project?

0 Karma

gcusello
SplunkTrust
SplunkTrust

You have to create a Splunk role for these users and then give access rights to this role to the specific apps and objects in app.
The best (and more secure!) way to do this is via GUI [Apps -- Manage Apps -- Show Objects] but it's very slow if your app has many objects (you have to manually modify one by one all of them).
in this way, you could modify (with much attention!!!) $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta giving rights access to the new role:

  • give role access rights via GUI to the first object
  • in $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta modify the row (when exists) access = read : [ * ], write : [ admin, power ] with the new role, copying the correct Access Rights from the first object you modified via GUI in every stanza (each stanza is an App object);
  • restart Splunk.

Bye.
Giuseppe

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...