Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Different URL for each Splunk roles

shwetas
Explorer
‎06-17-2021 04:20 AM

Hi All,

 

We have a requirement from one of our customer ,where they would like to have different URL for each Role in Splunk enterprise due to various security concerns and we do have enabled SAML for this customer. 

Example:

 

Admin User Role:  splunkadeui.abc.com

User Role User:    sdeycecv.abc.com OR sdeycecv.pyru.com 

 

Request to please share your views and how this can be address.

 

Regards,
Shweta

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-17-2021 05:16 AM

Please explain how a different URL for each role addresses any security concern.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

shwetas
Explorer
‎06-17-2021 06:31 PM

Actually i have asked the same question to my customer, But its being mentioned as one of the vulnerability that admin and end-user uses same URL this is how the organization works for my customer.

 

Let me give more details ,So here customers is going to onboard  multiple customer data and each customer will have some admins and END user.

  1. Requirement is Admin should use Different URL and should not have access to END user portal.
  2. Similarly End User should have different URL and should not have access to Admin User portal.

This needs to be achieve either by LDAP or SAML. Please let me know if you have any thoughts on same.

 

Regards,
Shweta

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-18-2021 05:43 AM

AFAIK, the only way to do that is to have separate search heads for admins and users.  That would achieve the goal of separate URLs for each class of user, but it would not be a useful "solution" because there would be no way to administer the user SH except via the command line.  Changes made from the CLI often require restarting so the user experience would not be as good as it could be.

Is the customer aware that Splunk uses role-based access controls to govern who can do what?

It seems the unasked question here is how to keep customers from seeing each others data.  That requires given each customer dedicated indexes and using roles to make sure only that customer's people can see that data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...