how can i add permission or role for users using a...

sfatnass · ‎10-19-2016

hi
i have some user need to update her own application splunk and i want to affect her the permission to update specific applications.

what's the config can edit it on autorize.conf to affect to user only update to specific project?

gcusello · ‎10-19-2016

You have to create a Splunk role for these users and then give access rights to this role to the specific apps and objects in app.
The best (and more secure!) way to do this is via GUI [Apps -- Manage Apps -- Show Objects] but it's very slow if your app has many objects (you have to manually modify one by one all of them).
in this way, you could modify (with much attention!!!) $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta giving rights access to the new role:

give role access rights via GUI to the first object
in $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta modify the row (when exists) access = read : [ * ], write : [ admin, power ] with the new role, copying the correct Access Rights from the first object you modified via GUI in every stanza (each stanza is an App object);
restart Splunk.

Bye.
Giuseppe

how can i add permission or role for users using autorize.conf ?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...