Security

Permissions and Accelerated Search

tdiestel
Path Finder

I have a question concerning Accelerated Search and Data Model Acceleration, but before I ask it, let me give you some background on what I plan to do. Currently, I'm trying to scope out what needs to be done when I bring on new clients without having to have multiple environments, dashboards, queries, etc. One thought was that when I bring on a new client, I just create new indexes with a specific suffix (such as index_name_"Insert Client Name Here") and then change my dashboard queries to be index=index_name*, so that it will cover all the clients for the specific index type. Lastly, we will just need to set up specific roles that can only look at specific indexes, so that when, let's say, CLIENT_A runs the query index=index_name*, they will only receive info from index=index_name_CLIENT_A and not index=index_name_OTHER_CLIENTS. This way I can manage many clients with the same queries and not have to worry about making changes to each of their specific dashboards. Then if they want something specific geared only to them, I will create a new dashboard that will only be viewable by the role for their users.

With that in mind, do you think that when I create an accelerated search or a data model, the data in those models will still inherit the permissions I designated for their roles? So keeping with our example, if I have an Accelerated Search with index=index_name* and a user with the CLIENT_A role were to use it, they would only receive data for index=index_name_CLIENT_A and still take advantage of the accelerated search's summaries.

0 Karma

tdiestel
Path Finder

The permissions to the specific indexes are kept; you just have to ensure that the users' permissions enable them to use accelerated searches and data models.

0 Karma

martin_mueller
SplunkTrust

While I don't know the answer off the top of my head, this should be fairly straightforward to test. Set up two indexes according to your naming scheme along with two roles that can each see only one index. Dump some test data into each index, set up a simple search (index=test_indexes* | stats count by index or whatever) and accelerate that. Then log in with either user and see what's what.

0 Karma
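The test setup suggested in the reply above, written out as configuration. This is an added example, not part of the original thread; the index, role and report names are hypothetical, and the role stanzas deliberately avoid importRoles so that no index access is inherited from another role.

```ini
# --- indexes.conf: one index per client (constructed names).
# Index names must be lowercase, so the client suffix is lowercased here.
[test_indexes_client_a]
homePath   = $SPLUNK_DB/test_indexes_client_a/db
coldPath   = $SPLUNK_DB/test_indexes_client_a/colddb
thawedPath = $SPLUNK_DB/test_indexes_client_a/thaweddb

[test_indexes_client_b]
homePath   = $SPLUNK_DB/test_indexes_client_b/db
coldPath   = $SPLUNK_DB/test_indexes_client_b/colddb
thawedPath = $SPLUNK_DB/test_indexes_client_b/thaweddb

# --- authorize.conf: each role may search exactly one index.
# No importRoles line: an imported role also contributes its own
# srchIndexesAllowed, which would widen access if that role allows "*".
[role_client_a]
srchIndexesAllowed   = test_indexes_client_a
srchIndexesDefault   = test_indexes_client_a
search               = enabled
schedule_search      = enabled
accelerate_search    = enabled
accelerate_datamodel = enabled

[role_client_b]
srchIndexesAllowed   = test_indexes_client_b
srchIndexesDefault   = test_indexes_client_b
search               = enabled
schedule_search      = enabled
accelerate_search    = enabled
accelerate_datamodel = enabled

# --- savedsearches.conf: the shared wildcard report, accelerated.
# Share it (read access) with both roles so each test user can run it.
[count_by_index]
search = index=test_indexes_* | stats count by index
auto_summarize = 1
auto_summarize.dispatch.earliest_time = -7d@d
```

After loading test events into both indexes and letting the summary build, run the report as a user in each role. The isolation holds if the client_a user sees only a test_indexes_client_a row and the client_b user sees only a test_indexes_client_b row.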