Security

logged in user temporarily drop a role

Contributor

We are developing an app with dashboards which are only shown if the current user has certain Splunk roles, this roles also grant access to the specific indexes.
The developers have all this roles, but in order to see the app as a user with a certain role would see it, they need to be able to temporarily drop some roles they own. Any idea except creating test users?
BTW, the developers don't get the admin role 😉

0 Karma

SplunkTrust
SplunkTrust

I don't see any way that won't be MUCH more of a headache than giving your developers each a user account, or collective access to test user ids to check out. Any such facility would mean that the developer's actual role was always in flux on the system. That will lead, at the very least, to lots of noise in your tracking of auth updates, and at worst to random errors due to developers not having expected roles at times they need them.

Communicator

Is it the user wants to know which access he has on the dashboard panel ?

If yes , try this

| rest /services/authentication/current-context splunk_server=local | table title roles username | rename roles as title | mvexpand title

0 Karma