Hi, I wonder whether someone could help me please.
The Splunk environment I administer contains sensitive personal data which only those with the relevant clearance can view.
To add an extra line of security, my security team have asked me to remove the 'export' function so these personal details can't be downloaded, that is, until the relevant clearance is provided.
I can make the changes via the 'authorize.conf' file to the user role, setting the 'export_is_visible' in the 'Parent' role to disabled and then a 'child' role which enables the capability.
The problem I have is:
Could someone tell me please is there another way to achieve this?
Many thanks and kind regards
Chris
@IRHM73, apps are deployed to machines, not to people. I don't think you'll be able to do what you're trying to do unless you want to give access to a specific machine once clearance is given.
Global Roles are the best way to achieve this.
@IRHM73, apps are deployed to machines, not to people. I don't think you'll be able to do what you're trying to do unless you want to give access to a specific machine once clearance is given.
Global Roles are the best way to achieve this.
Hi @brreeves, thank you for the confirmation.
Regards
Chris