stuart-k-h
commented
2 years ago As a starting point (at the request of Serge) it would be worthwhile examining the Splunk Add-on Builder as it handles credential storage and proxy configuration etc. https://splunkbase.splunk.com/app/2962/
According to the custom commands section of the documentation a user requires either 'admin_all_objects' or 'list_storage_passwords' to use the add-on. From a security perspective neither permission is viable as the first provides a user with full admin privileges on the platform, while the second allows a user to see all stored passwords for apps/add-ons they have access to.
This requirement prevents this app being used in the majority of environments, and really needs to be rewritten to use proper access control that doesn't reveal credentials to non-admins. While an admin should be able to see (and change) the configuration of any defined cluster, a normal user should only have access to clusters that share the same role (i.e., databricks_cluster_xxxxxx), similar to the functionality that DB Connect provides.