Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Read Only Executive Summary Splunk ES

treven
Explorer
‎02-21-2024 12:43 PM

Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summary dashboard? Any assistance would be greatly appreciated! 

*Edit

Sorry we have the user role and user created but we are unable to restrict it to a single dashboard, we can specify an app such as ES but have been unsuccessful in getting a default dashboard set. When you land on ES there is the "Security Posture"  "Incident Review" "App Configuration" etc settings. Would it be possible to change one of these from "Security Posture" to "Executive Summary" so that way they are just a click away from the appropriate dashboard?

Thank you!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

TheLawsOfChaos
Explorer
‎04-07-2024 08:01 PM

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

View solution in original post

Reply
Solved! Jump to solution
Solution

TheLawsOfChaos
Explorer
‎04-07-2024 08:01 PM

To lock a single dashboard down, you would want to create a new custom user that does not inherit the user permission.

Then you would grant that user read permissions to that single dashboard.  Then the user can get to it via the link, but not even going to the app to browse for it.

 

If they can view ES, they can view all the dashboards (by default). You could go dashboard by dashboard, and change the custom nav to reflect it. But if you want the user to only see that one part of ES, I'd recommend the method I laid out up top.

Reply
Solved! Jump to solution

treven
Explorer
Friday

Sorry for the late response on this but this is exactly what we did created a user and role separate from the others exec_view and assigned that role read-only permissions and assigned it to specific users. Thanks for the information! 

0 Karma
Reply
Solved! Jump to solution

meetmshah
Contributor
3 weeks ago

+1 with @TheLawsOfChaos, It's a common practise to create a Role with "Read Only" permission. You have any further questions / issues with respect to this @treven?

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...