Documentation > Splunk > Developing Dashboards, Views, and Apps for Splunk Web > How to restrict your users to one app

Developing Dashboards, Views, and Apps for Splunk Web

 


Overview
Build dashboards
Build forms
Build advanced views
Customize Splunk Web
Build apps
Build scripted inputs
Extend Splunk
View reference material
Custom charting configuration reference

How to restrict your users to one app

How to restrict your users to one app

One of the major use cases for creating apps is to keep different users within your organization from accessing certain types of data. For example, your Ops team may only be authorized to see syslog data, while your Application Development team may only see Log4J and Apache data. How can you keep this all separate, but still only run one Splunk instance? This is where apps come in. You can create one app for your Ops team and one app for your Application Development team, each app showcasing the different types of data each team needs access to. Here are instructions on how to set up different apps in Splunk and restrict your users and roles to only the data they should see.

First, set up a role for each team. For example, create one role for Ops and one role for Application Development. You can always add users to these roles.

Next, set a default app for each role. You can do this from the Roles screen in the Access Controls section of Splunk Manager.

Finally, limit your users to only their default app by setting permissions on the apps. Navigate to the App screen in Splunk Manager, and set permissions for each app. You can make the Ops app read only for the Ops team and the Application Development app read only for the Application Development team. Roles can only see the apps they have read permissions to see.

Optionally, place more restrictions on the views in each app by removing options from the AccountBar, like the app drop-down and the manager link. You can do this by editing the XML for your view and setting the following configuration for AccountBar: 

<module name="AccountBar" layoutPanel="appHeader">
  <param name="mode">lite</param>
</module>

Note that this is only available in the Advanced XML. If you're using the Simplified XML, translate it to Advanced XML by accessing the showsource endpoint: 

http://localhost:8000/en-US/app/<app_name>/<view_name>?showsource=true
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/Developer/DefaultApp"

This documentation applies to the following versions of Splunk: 4.3 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.