Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About jordanfosterpau
jordanfosterpau
Engager
Member since:
02-13-2018
06-05-2020
Community Statistics
| Posts | 3 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 02-13-2018 |
Activity Feed
- Posted What is the logic behind having [views] stanza in default.meta on All Apps and Add-ons. 03-14-2018 01:08 PM
- Tagged What is the logic behind having [views] stanza in default.meta on All Apps and Add-ons. 03-14-2018 01:08 PM
- Tagged What is the logic behind having [views] stanza in default.meta on All Apps and Add-ons. 03-14-2018 01:08 PM
- Tagged What is the logic behind having [views] stanza in default.meta on All Apps and Add-ons. 03-14-2018 01:08 PM
- Tagged What is the logic behind having [views] stanza in default.meta on All Apps and Add-ons. 03-14-2018 01:08 PM
- Tagged What is the logic behind having [views] stanza in default.meta on All Apps and Add-ons. 03-14-2018 01:08 PM
- Posted Re: AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 03-14-2018 08:38 AM
- Posted AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 02-14-2018 06:28 AM
- Tagged AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 02-14-2018 06:28 AM
- Tagged AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 02-14-2018 06:28 AM
- Tagged AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 02-14-2018 06:28 AM
- Tagged AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 02-14-2018 06:28 AM
- Tagged AWS GuardDuty Add-on for Splunk: Why is local.meta not taking precedence over default.meta? on All Apps and Add-ons. 02-14-2018 06:28 AM
Topics I've Started
03-14-2018
01:08 PM
In the file $SPLUNK_HOME/etc/apps/TA-aws_guardduty/metadata/default.meta there are [] and [views] stanzas.
The [views] stanza is causing issues with permissions on the dashboards. When you add role permission to the app on the webgui the changes do not effect the dashboards as the [] stanza is what gets updated in the local.meta file but the [views] stanza in the default.meta file takes precedence for the dashboard.
The [views] stanza can be added to the local.meta files manually, but then permissions are not easily managed as using the webgui. If the [views] stanza is commented out in the default.meta file then permissions set in the webgui propagate to the dashboard.
What is the reasoning to having the [views] stanza in the default.meta file?
I don't see it in other apps or the system default.meta
I'm afraid that if the app gets updated, it will overwrite our changes to the default.meta file
... View more
03-14-2018
08:38 AM
I found a work around.
I should have included the other stanza in default.meta to my OP.
[views]
access = read : [ * ], write : [ admin ]
export = system
I tried adding a [views] stanza into local.meta to see if it would take precedence and did. However, I was not able to use the webgui to make permission changes. I looked at some other apps and the system default and did not see a [views] stanza in those meta files, so I removed the [views] from local.meta and commented it out in default.meta.
Now I can alter permissions in the webgui and see those propagated to the dashboard permissions. Now users, with the proper role, can share their dashboards as expected.
... View more
02-14-2018
06:28 AM
Using AWS GuardDuty app and users unable to share report as it errors with:
User 'testuser' with roles { guard duty dashboard share, testuser, power, user } cannot write: /nobody/TA-aws_guardduty/views/testdashboard { read : [ * ], write : [ admin ] }, export: global, removable: no, modtime: 1518558159.740556000
The stanza in $SPLUNK_HOME/apps/TA-aws_guardduty/metadata/local.meta has:
[]
access = read : [ * ], write : [ admin, aws_gaurdduty, guard duty dashboard share, power ]
export = system
version = 7.0.1
modtime = 1518558159.740556000
Stanza (default.meta):
[]
access = read : [ * ], write : [ admin ]
export = system
So it should be taking precedence over default.meta but as shown in the error, only admin is set to write although local.meta shows other roles.
Other apps seem to be working. Tested/Compared to Search & Reporting and Splunk App for AWS (5.1.0)
Steps to Reproduce
As a user without 'admin' role, create a new dashboard in GuardDuty add-on. (no need to create panels)
Go to Save as on the dashboard, choose Shared in App, click Create Dashboard, and the error appears with incomplete roles in write permissions.
Go to manage apps and choose Permissions for GuardDuty add-on and verify other roles selected beside just admin.
So, why does it appear that local.meta is not taking precedence?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
