Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to restrict a user from access to the default Search & Reporting application?

beonick
Engager
‎07-06-2016 05:16 AM

Hi everyone,

I want to give access to a user so he can only view the selected application, but not "Search & Reporting" and other apps. I have read all other similar questions, but they didn't solved the problem. I can restrict access to all applications except "Search & Reporting".

To restrict access, I created a new role "guest" and assigned to it all the same capabilities that "user" role has. Then I created a new user with this role selected. After that I excluded this role from Apps>ManageApps>Permissions for all apps I don't want user to see. But when I remove user read access from "Search & Reporting" app, for some reason, the dashboard in my application stops to work - it shows only empty elements with N/As.

I have a single view application where the Nav file looks like this:

<nav color="#5379AF">
  <view name="application" default='true' />
</nav>

The "application" view is located in the same application context and has read=Everyone, write=admin permissions.

Can be "Search & Reporting" application hidden somehow?

I work with Splunk Cloud, Splunk Version - 6.3.1511.2

Thank you for your help in advance!

0 Karma
Reply

mbadhusha_splun
Splunk Employee
Splunk Employee
‎11-15-2017 01:30 AM

Hi,

By default only admin and power roles have write permission in the search app. So any user with read permission will be able to access search & reporting app and will be able to create reports and dashboards and can create private knowledge objects but they will not be able to share those to others. If you remove read access for search & reporting app, then those users will not be able to see search & reporting and also settings will be hidden for them.

To force your users to use particular app you could create roles for each department, map those users via LDAP or local auth and then set the default app context to their departmental app. If that's not feasible then you have to do some user education to get people out of the search app and into their departmental app if they are going to save knowledge objects.

You could also change the default app that the user sees upon logging into splunk by role or user: Settings --> Access Controls --> Roles|Users--> select the desired role --> Select a default app from the drop-down list under Default app.

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...