Configure role based access control inside Splunk Phantom apps
Splunk Phantom supports granular asset access control inside Splunk Phantom apps so that only authorized users can access an app. Asset access control is based on explicit authorization, with a default-deny policy.
When granular asset access control is enabled, only users or groups with explicit permissions are able to perform actions in a Splunk Phantom app. Configure user and group permissions on all configured apps before enabling granular asset access control.
The following example shows how to set up a user for a single permission on the Phantom DNS app.
- From the Main Menu, select Apps.
- Click 1 configured asset to expand the section.
- Click Google DNS to edit the asset.
- Click the Access Control tab.
- Click Edit.
- Select lookup domain from the App Action drop-down list.
- Select the user Herman Smith and click the right arrow to move this user into the Approved Users and Roles area.
- Click Save.
With your app configured for this role, you can now enable granular asset access control so that these permissions take effect.
- From the Main Menu, select Administration.
- Select User Management > Asset Permissions.
- Check the Enable granular Asset Access Control checkbox.
- Confirm that you want to change global asset permissions.
- Click Save Changes.
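Because the policy is default-deny, any user or role that is not explicitly approved for an action loses it as soon as the checkbox is saved. The following added example (not Splunk code, and not Phantom's schema or API) models that rule in Python so you can check planned permissions for gaps before enabling it. The data structure, the second action, the second user, and the role name are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed model for illustration; not Splunk Phantom's schema or API.
@dataclass
class Asset:
    name: str
    actions: list                                   # actions the app exposes
    approved: dict = field(default_factory=dict)    # action -> approved users/roles

def is_allowed(asset, action, user, roles, granular_enabled):
    """Default-deny: once enabled, only explicitly approved principals pass."""
    if not granular_enabled:
        return True   # no per-action check in this model; other checks out of scope
    return bool(({user} | set(roles)) & asset.approved.get(action, set()))

def pre_enable_gaps(assets, expected_use):
    """Return (user, asset, action) entries that would be denied after enabling."""
    by_name = {a.name: a for a in assets}
    return [(user, name, action)
            for user, roles, name, action in expected_use
            if not is_allowed(by_name[name], action, user, roles, True)]

def unassigned_actions(assets):
    """Return (asset, action) pairs with no approved user or role at all."""
    return [(a.name, act) for a in assets for act in a.actions
            if not a.approved.get(act)]

# Constructed sample: the page's Google DNS asset with Herman Smith approved for
# "lookup domain"; the second action, the second user and the role are made up.
ASSETS = [Asset("Google DNS", ["lookup domain", "lookup ip"],
                {"lookup domain": {"Herman Smith"}})]
EXPECTED_USE = [
    ("Herman Smith", [], "Google DNS", "lookup domain"),
    ("Herman Smith", [], "Google DNS", "lookup ip"),
    ("Dana Lee", ["Tier 1 Analyst"], "Google DNS", "lookup domain"),
]

if __name__ == "__main__":
    for gap in pre_enable_gaps(ASSETS, EXPECTED_USE):
        print("would be denied:", gap)
    for asset, action in unassigned_actions(ASSETS):
        print("no approved users or roles:", asset, "/", action)
```

An empty result from both functions means every expected use is covered by an explicit approval and no action is left without an approved user or role.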
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7