Hi,
Basically i want to revoke write access to users but due to business requirements i am supposed to give access to users to run their search queries in search and reporting page in Splunk.
Problem:If i give access to search and reporting page to run the queries,user will be able to create dashboards ,alerts reports ,since dashboard & alert menus are present in navigation bar of search and reporting page .If i remove the access to search and reporting page user will not be able to run their query and see the output.
Is there a way where i can restrict the access to users so that user should be able to run only their queries and not access dashboard menu?
P.S.if i remove the default xml code for dashboard in navigation bar ,then it wont be able to access to admin as well.
Any solution on this issue would be great!
Thanks,
@Ashwini008
1. You can create a different app same like search and reporting, then give them access to those users which has the default.xml only search option.
2. You can remove the dashboards, alerts from the default so that it won't visible, and admins can access directly by accessing the URL.
(Example : https://<your_url>/app/search/dashboards)
3. Create one dashboard which has the links for dashboard, alerts and give the access to only admins, then remove the dashboard and alert from default.xml, then add the newly created dashboard, so that only admins can see the dashboard and access those links.
Thanks for the response!
i tried the first option but after creating the copy of search app without dashboard menus,unless i give the role as "user" ,the person is not able to access the copy of search app.
And if i give the role as "user" ,the person is able to access the normal search and reporting app as well.
1. You can create a different app same like search and reporting, then give them access to those users which has the default.xml only search option.
How do i proceed ?
@Ashwini008
1. Create a new app like a search app and remove the dashboard, alerts in default.xml.
2. Create a new role and assign the the capabilities of "User" role. Do not inherit
3. Create a user and assign a new role.
4. Give access to your new app to the new role.
I created new app after removing the dashboard menus from the navigation bar
I created a new role with the same capabilities as the "USER" role and assigned it to the new user but still i am unable to access the search page.
Also i tried this method as well, I removed all the menus from original SEARCH AND REPORTING PAGE
i.e. i removed the the below details from the default.xml but the user is still able to access them through direct URL(ex: http://MYAPP//dashboards)
<view name="datasets" />
<view name="reports" />
<view name="alerts" />
<view name="dashboards" />
P.S.i have restricted the roles as well. 😞