Splunk Enterprise Security

Read Only Executive Summary Splunk ES

treven
Explorer

Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summary dashboard? Any assistance would be greatly appreciated! 

*Edit

Sorry we have the user role and user created but we are unable to restrict it to a single dashboard, we can specify an app such as ES but have been unsuccessful in getting a default dashboard set. When you land on ES there is the "Security Posture"  "Incident Review" "App Configuration" etc settings. Would it be possible to change one of these from "Security Posture" to "Executive Summary" so that way they are just a click away from the appropriate dashboard?

Thank you!

Labels (2)
0 Karma
1 Solution

TheLawsOfChaos
Path Finder

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

View solution in original post

TheLawsOfChaos
Path Finder

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

treven
Explorer

Sorry for the late response on this but this is exactly what we did created a user and role separate from the others exec_view and assigned that role read-only permissions and assigned it to specific users. Thanks for the information! 

0 Karma

meetmshah
Builder

+1 with @TheLawsOfChaos, It's a common practise to create a Role with "Read Only" permission. You have any further questions / issues with respect to this @treven?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...