Splunk Enterprise

Different URL for each Splunk role

shwetas
Explorer

Hi All,

We have a requirement from one of our customers, where they would like to have a different URL for each role in Splunk Enterprise due to various security concerns, and we have enabled SAML for this customer.

Example:

Admin User Role: splunkadeui.abc.com

User Role User: sdeycecv.abc.com OR sdeycecv.pyru.com

Please share your views on how this can be addressed.

Regards,
Shweta

0 Karma

richgalloway
SplunkTrust

Please explain how a different URL for each role addresses any security concern.

---
If this reply helps you, Karma would be appreciated.
0 Karma

shwetas
Explorer

Actually, I have asked the same question to my customer, but it is being mentioned as one of the vulnerabilities that admins and end users use the same URL; this is how the organization works for my customer.

Let me give more details. Here the customer is going to onboard multiple customers' data, and each customer will have some admins and end users.

  1. The requirement is that admins should use a different URL and should not have access to the end-user portal.
  2. Similarly, end users should have a different URL and should not have access to the admin user portal.

This needs to be achieved either by LDAP or SAML. Please let me know if you have any thoughts on the same.

Regards,
Shweta

0 Karma

richgalloway
SplunkTrust

AFAIK, the only way to do that is to have separate search heads for admins and users.  That would achieve the goal of separate URLs for each class of user, but it would not be a useful "solution" because there would be no way to administer the user SH except via the command line.  Changes made from the CLI often require restarting, so the user experience would not be as good as it could be.

Is the customer aware that Splunk uses role-based access controls to govern who can do what?

It seems the unasked question here is how to keep customers from seeing each other's data.  That requires giving each customer dedicated indexes and using roles to make sure only that customer's people can see that data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
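
The dedicated-index-plus-roles layout described in the reply above, sketched as an added example that is not part of the original thread or any poster's configuration. Index names, role names and SAML group names are hypothetical, and the `roleMap_SAML` stanza name assumes the SAML settings stanza in `authentication.conf` is named to match.

```ini
# --- indexes.conf (indexers): one dedicated index per customer ---
# Index names are hypothetical placeholders.
[cust_a_events]
homePath   = $SPLUNK_DB/cust_a_events/db
coldPath   = $SPLUNK_DB/cust_a_events/colddb
thawedPath = $SPLUNK_DB/cust_a_events/thaweddb

[cust_b_events]
homePath   = $SPLUNK_DB/cust_b_events/db
coldPath   = $SPLUNK_DB/cust_b_events/colddb
thawedPath = $SPLUNK_DB/cust_b_events/thaweddb

# --- authorize.conf (search head): roles scoped to one customer's index ---
# No importRoles on the base roles: index access from imported roles is
# inherited, so importing a broader role would widen what these can search.
[role_cust_a_user]
search = enabled
srchIndexesAllowed = cust_a_events
srchIndexesDefault = cust_a_events

[role_cust_b_user]
search = enabled
srchIndexesAllowed = cust_b_events
srchIndexesDefault = cust_b_events

# Customer-level "admin" roles inherit only their own customer's base role
# and add capabilities; they never gain access to another customer's index.
[role_cust_a_admin]
importRoles = cust_a_user
schedule_search = enabled

[role_cust_b_admin]
importRoles = cust_b_user
schedule_search = enabled

# --- authentication.conf (search head): SAML group to Splunk role mapping ---
# Left side: Splunk role name. Right side: group value sent by the IdP
# (hypothetical group names).
[roleMap_SAML]
cust_a_user  = splunk-cust-a-users
cust_a_admin = splunk-cust-a-admins
cust_b_user  = splunk-cust-b-users
cust_b_admin = splunk-cust-b-admins
```

To check the separation, log in as a user holding only `cust_a_user` and run `| eventcount summarize=false index=*`; only `cust_a_events` should be listed.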