Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Read Only Executive Summary Splunk ES

treven
Explorer
‎02-21-2024 12:43 PM

Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summary dashboard? Any assistance would be greatly appreciated! 

*Edit

Sorry we have the user role and user created but we are unable to restrict it to a single dashboard, we can specify an app such as ES but have been unsuccessful in getting a default dashboard set. When you land on ES there is the "Security Posture"  "Incident Review" "App Configuration" etc settings. Would it be possible to change one of these from "Security Posture" to "Executive Summary" so that way they are just a click away from the appropriate dashboard?

Thank you!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

TheLawsOfChaos
Path Finder
‎04-07-2024 08:01 PM

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

View solution in original post

Reply
Solved! Jump to solution
Solution

TheLawsOfChaos
Path Finder
‎04-07-2024 08:01 PM

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

Reply
Solved! Jump to solution

treven
Explorer
‎05-03-2024 10:26 AM

Sorry for the late response on this but this is exactly what we did created a user and role separate from the others exec_view and assigned that role read-only permissions and assigned it to specific users. Thanks for the information! 

0 Karma
Reply
Solved! Jump to solution

meetmshah
SplunkTrust
SplunkTrust
‎04-20-2024 07:41 AM

+1 with @TheLawsOfChaos, It's a common practise to create a Role with "Read Only" permission. You have any further questions / issues with respect to this @treven?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...