For details, see:
Configure role based access control inside Splunk apps
Splunk SOAR (On-premises) supports granular asset access control inside of Splunk SOAR (On-premises) apps to ensure that only authorized access to the app is allowed. Asset access control works on an authorized basis, with a default-deny policy.
When granular asset access control is enabled, only users or groups with explicit permissions are able to perform actions in a Splunk SOAR (On-premises) app. Configure user and group permissions on all configured apps before enabling granular asset access control.
To set up a single user to have access the "lookup domain" action on the Google DNS asset:
- From the Home menu, select Apps.
- Click 1 configured asset to expand the section.
- Click Google DNS to edit the asset.
- Click the Access Control tab.
- Click Edit.
- Select lookup domain from the App Action drop-down list.
- Select the user desired user name then click the right arrow in order to move the user from the Users and Roles list into the Approved Users and Roles list.
- Click Save.
Now enable granular asset access control so that the permission set above takes effect.
- From the Home menu, select Administration.
- Select User Management > Asset Permissions.
- Check the Enable granular Asset Access Control checkbox.
- Confirm that you want to change global asset permissions.
- Click Save Changes.
Secure Splunk SOAR (On-premises) using two factor authentication | Secure Splunk SOAR (On-premises) by configuring an account password expiration |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1, 6.4.0
Feedback submitted, thanks!