Search code examples
splunksplunk-dashboard

Splunk: Is there a way to remove the Clone dashboard option

I need a way to stop users with access to a Studio dashboard from being able to clone it.

From this they are able to edit this new dashboard, giving these particular user too much access. These users having a minimal amount of role capabilities, Search and List all objects. So I'm unable to give them any less capabilities. (not that any seem to relate to this.)

Any help or ideas would be greatly appreciated. Thanks

Cloned here

Cloned here 2

Can open Dashboard after creation

Solution

  • Unless you export the data outside Splunk, anyone can clone a Dashboard (perhaps only to their own private view, but clone it nonetheless)

    If they're not supposed to have access to various data sources, you need to restrict their access to those sourcetype(s) or index(es)