Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure role based access control inside Splunk apps

supports granular asset access control inside of apps to ensure that only authorized access to the app is allowed. Asset access control works on an authorized basis, with a default-deny policy.

When granular asset access control is enabled, only users or groups with explicit permissions are able to perform actions in a app. Configure user and group permissions on all configured apps before enabling granular asset access control.

To set up a single user to have access the "lookup domain" action on the Google DNS asset:

  1. From the Home menu, select Apps.
  2. Click 1 configured asset to expand the section.
  3. Click Google DNS to edit the asset.
  4. Click the Access Control tab.
  5. Click Edit.
  6. Select lookup domain from the App Action drop-down list.
  7. Select the user desired user name then click the right arrow in order to move the user from the Users and Roles list into the Approved Users and Roles list.
  8. Click Save.

Now enable granular asset access control so that the permission set above takes effect.

  1. From the Home menu, select Administration.
  2. Select User Management > Asset Permissions.
  3. Check the Enable granular Asset Access Control checkbox.
  4. Confirm that you want to change global asset permissions.
  5. Click Save Changes.
Last modified on 20 May, 2022
PREVIOUS
Secure using two factor authentication
  NEXT
Secure by configuring an account password expiration

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters