Configure role based access control inside Splunk apps
supports granular asset access control inside of apps to ensure that only authorized access to the app is allowed. Asset access control works on an authorized basis, with a default-deny policy.
When granular asset access control is enabled, only users or groups with explicit permissions are able to perform actions in a app. Configure user and group permissions on all configured apps before enabling granular asset access control.
To set up a single user to have access the "lookup domain" action on the Google DNS asset:
- From the Home menu, select Apps.
- Click 1 configured asset to expand the section.
- Click Google DNS to edit the asset.
- Click the Access Control tab.
- Click Edit.
- Select lookup domain from the App Action drop-down list.
- Select the user desired user name then click the right arrow in order to move the user from the Users and Roles list into the Approved Users and Roles list.
- Click Save.
Now enable granular asset access control so that the permission set above takes effect.
- From the Home menu, select Administration.
- Select User Management > Asset Permissions.
- Check the Enable granular Asset Access Control checkbox.
- Confirm that you want to change global asset permissions.
- Click Save Changes.
Secure using two factor authentication
Secure by configuring an account password expiration
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.4.0