Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

NOTE - Splunk DB Connect version 1.x reached its End of Life on July 28, 2016. Please see the migration information.
This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Security and access controls

Splunk's role-based access controls let you setup access permissions for individual users in DB Connect. You can grant a user global access to all DB Connect features and available database connections, or limit a user's access to a specific database connection only. (You should have already set up and configured your database, including defining database users.)

If you have not yet setup your database connection in Splunk DB Connect, follow the steps described in Manage a database connection earlier in this manual.

Note: To set the database connection to read-only access for all users that have permission to use the connection, check Read only at the bottom of the Add new external database page. Check Validate Database Connection to verify a successful connection to the database.

Read/Write permissions refer to configuration file access, not resource access. Set permissions to "read" to give a role permission to access a resource. Without read permissions, the role cannot use DB Connect or its commands. That is, for the dbquery command, read permission simply means you can use the command, including INSERT, not that you can only do SELECT.

Set permissions to "write" to give the administrator permission to modify the database configuration.

For more information, see Set Permissions in the Splunk Enterprise platform documentation.

Admin only control

In Splunk DB Connect 1.1.2 and later, only the Admin role can:

  • Create and see the Database Inputs and Database Lookups pages;
  • Run the dbmonpreview command.

To provide user permissions for database lookups, see Set up user lookup permissions.

Set up user access permissions

DB Connect provides a dbx_user role. Admins can assign the dbx_user role to non-admin users to allow the user to access all features and database connections inside the app.

To set up individual user access permissions for DB Connect:

  1. Create a role for the specific user, for example "new_role_1". Do not inherit any roles for this role.
  2. Click Save. The new role appears in the list.
  3. Create a new user, for example "new_user," and assign the following roles: user, dbx_user, and new_role_1.
  4. Click Save. The "new_user" appears in the list. The user can now access the DB Connect app in general, other apps, and depending on permissions, specific database connections (see the following section, "Set up user access to a specific database").

Note: Old user permission settings from Splunk DB Connect 1.1.0 do not work with DB Connect 1.1.2. Follow the instructions on this page to properly configure user permissions for DB Connect 1.1.2.

Restrict user access to a specific database

By default, users assigned the dbx_user role can access all database connections inside the app. To restrict user access to a specific database connection, you must assign each user to a unique role for each database connection.

For example, if you have setup individual connections to MySQL and MSSQL databases, you can restrict user access to the respective database connections as follows:

1. Create a new role for the MySQL database, for example "role_mysql_1."

2. Create a new user, for example "user_1". Assign user_1 the following roles: user, dbx_user, and role_mysql_1.

This allows user_1 to access other apps, the DB Connect app, and the MySQL database connection.

3. Create a new role for the the MSSQL database, for example, "role_mssql_1."

4. Create a new user, for example "user_2." Assign user_2 the following roles: user, dbx_user, and role_mssql_1.

This allows user_2 to access other apps, the DB Connect app, and the MSSQL database connection.

5. In Splunk Web, go to Apps > Manage Apps > Splunk DB Connect > View Objects.

6. Locate the mysql database and click Permissions. Uncheck Read/Write for dbx_user. Check Read/Write for role_mysql_1.

7. Locate the mssql database and click permissions. Uncheck Read/Write for dbx_user. Check Read/Write for role_mssql_1.

Verify database access

1. Log into Splunk as user_1.

2. Go to Apps > Splunk DB Connect > Manage Database Connections.

user_1 now sees the mysql database connection only. The mssql database connection is no longer visible.

3. Repeat steps 1 and 2 above to verify restricted access for user_2.

Note: Any database connection that does not have a unique role and assigned user will remain visible to all users assigned the dbx_user role.

For more information, see "About users and roles" in the Splunk Enterprise documentation.

Restrict user access to a specific index only

If you create a database input and the data is indexed by Splunk, any user that has access to the index can see the data, regardless of the user's database access permissions. You can however restrict user access to a specific index, as follows:

  1. Create a new index, for example "new_index."
  2. Create a new role, for example "new_role." Do not inherit any roles for this role.
  3. On the Add new role page, add new_index to Indexes searched by default.
  4. By default, "user" and "dbx_user" roles have access to all non-internal indexes. To restrict access to the appropriate index only, you must edit these roles, as follows: Go to Settings > Access Controls > Roles. For both user and dbx_user roles, under Indexes remove "all non-internal indexes", then add "new_index." Click Save.
  5. Create a new user, for example "new_user." Assign the following roles to new_user: user, dbx_user, and new_role.
  6. Go to Settings > All configurations. Locate the specific database connection for which you wish to provide the user access. Click Permissions. Uncheck Read/Write for dbx_user role, then check Read for new_role.

The new_user can now access the new_index only.

For more information, see Set up multiple indexes and Set Permissions in the Splunk Enterprise platform documentation.

Set up user lookup permissions

While only Admins can create database lookups in the Splunk DB Connect UI. Admins can enable users to access and use specific database lookups in searches by assigning the user role (with appropriate read/write permissions) to the database lookup.

You can set up user lookup permissions as follows:

1. In Splunk Web, go to Settings > All configurations.

2. Locate the specific lookup in the list of items.

3. Click Permissions. This opens the Permissions window for the lookup.

4. Assign Read/Write permissions to the user role.

Note: The Admin might first need to create a new role for the user, then assign the user to that role, and assign that role to the lookup, as shown above.

PREVIOUS
Set up a lookup table
  NEXT
Set up search head pooling

This documentation applies to the following versions of Splunk® DB Connect: 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters