Security

Default permissions for searches/tags/eventtypes/etc.

nocostk
Communicator

Is it possible to set a default permission for searches/eventtypes/tags/field extractions/etc.? When we're creating these various objects we usually immediately change the permissions from private to application (search). Is there a way this can be done by default or automatically?

Tags (1)

Edub
Explorer

Listen up Splunk guys. The permissions screens need a bulk change option or some check boxes to apply similar settings to multiple objects. Sharing a dashboard after creating all the extractions, searches, and views can be painful in the UI.

E.

Ricapar
Communicator

This post was made close to a year ago.

We would very very much like this feature. Right now, we have to manually go through every single object - one by one, to even verify that the permissions are what they should be.

It is extremely painful and time consuming.

Genti
Splunk Employee
Splunk Employee

as far as i know, it is not possible through the UI

You could create the .conf files under the wanted app by editing the configs manually. Then they will be explicit to the app (user or system) as you desire.

/etc/apps/your-app/local vs /etc/users/your-user/your-app/local vs /etc/system/local

Cheers!

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...