Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Block access to Manager

steveirogers
Communicator
‎06-22-2011 09:19 AM

I have seen several questions about restricting access to "Manager" but all of the answers seem to require coding JavaScript.
I do not understand why this is not a "built-in" capability.

I have defined a new role that only has search capability to a specific index. Yet the users in that role have administrative ability via the "Manager" link to change configuration settings. That does not make any sense.

Is there a different way to accomplish this besides coding/modify XML?

I am running Splunk 4.0.3 build 65638.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mfrost8
Builder
‎06-23-2011 12:24 PM

I don't have a solution for you, but perhaps more of a question. Is it your intent to prevent non-admin users from being able to say, change their password? non-admin users don't get all the of the admin content from manager. In our shop, we leave that all alone as there's nothing sensitive or damaging that non-admin roles get access to.

If it really has to go away completely for non-admins, I would think that that is unusual enough that yes, you'd need to modify the XML.

View solution in original post

Reply
Solved! Jump to solution

steveirogers
Communicator
‎02-15-2012 05:23 AM

Thanks Frank. I will check into that as well.

0 Karma
Reply
Solved! Jump to solution

mw
Splunk Employee
Splunk Employee
‎06-23-2011 01:34 PM

The Manager link doesn't immediately just give them admin access. Users have their own "knowledge objects" such as searches and macros. They access to these through Manager. They have access to what they create or what you give them access to. If you don't want them to have access to something, manage the permissions of it.

0 Karma
Reply
Solved! Jump to solution
Solution

mfrost8
Builder
‎06-23-2011 12:24 PM

I don't have a solution for you, but perhaps more of a question. Is it your intent to prevent non-admin users from being able to say, change their password? non-admin users don't get all the of the admin content from manager. In our shop, we leave that all alone as there's nothing sensitive or damaging that non-admin roles get access to.

If it really has to go away completely for non-admins, I would think that that is unusual enough that yes, you'd need to modify the XML.

Reply
Solved! Jump to solution

mfrost8
Builder
‎06-23-2011 12:53 PM

I'm not certain how that works. I would guess that might create configuration within a user's own, local configuration ($SPLUNK_HOME/etc/users/) so it's not tweaking the global config.

If you don't even want that, you might want to file an enhancement request asking for field extractions to be a capability you can remove from the "user" role (I don't see it there currently as a capability).

0 Karma
Reply
Solved! Jump to solution

steveirogers
Communicator
‎06-23-2011 12:45 PM

Thanks very much. I did some more testing and you are correct in that most of the actual fields are restricted when the user clicks on the manager link. However, if the user goes to "Manager --> Field Extractions", then it appears that they can change some of the values in "transforms.conf" and save the changes.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...