I have a dashboard linked to a JavaScript file which allows users to click a button that will pass updates to the KV Store. Therefore, I need to know the minimum amount of access I need to give to users so they can interact with this dashboard successfully.
I have been reading about the roles here: https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities#List_of_available_capabilities
It seems like the role I should need is called "rest_properties_set" which is included in the user, power, and admin role. However, when testing my dashboard with just the user role, I get the following error:
[SPLUNKD] User 'kv_api_test' with roles { kv_api_test, user } cannot write: /nobody/kvStoreApp/collections/myKVStore { read : [ * ], write : [ admin, power ] }, export: app, removable: no
My user account is able to update the KV Store when I add the "rest_apps_management" role. However, this role is meant for admins, and the definition states it allows users to alter other apps and do far more than update the KV Store.
How can I restrict users to only be able to edit KV Store entries without giving any additional access?
↧