Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Read Only Executive Summary Splunk ES

treven
Explorer
‎02-21-2024 12:43 PM

Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summary dashboard? Any assistance would be greatly appreciated! 

*Edit

Sorry we have the user role and user created but we are unable to restrict it to a single dashboard, we can specify an app such as ES but have been unsuccessful in getting a default dashboard set. When you land on ES there is the "Security Posture"  "Incident Review" "App Configuration" etc settings. Would it be possible to change one of these from "Security Posture" to "Executive Summary" so that way they are just a click away from the appropriate dashboard?

Thank you!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

TheLawsOfChaos
Path Finder
‎04-07-2024 08:01 PM

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

View solution in original post

Reply
Solved! Jump to solution
Solution

TheLawsOfChaos
Path Finder
‎04-07-2024 08:01 PM

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

Reply
Solved! Jump to solution

treven
Explorer
‎05-03-2024 10:26 AM

Sorry for the late response on this but this is exactly what we did created a user and role separate from the others exec_view and assigned that role read-only permissions and assigned it to specific users. Thanks for the information! 

0 Karma
Reply
Solved! Jump to solution

meetmshah
Builder
‎04-20-2024 07:41 AM

+1 with @TheLawsOfChaos, It's a common practise to create a Role with "Read Only" permission. You have any further questions / issues with respect to this @treven?

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...