Splunk Search

Can we create outputlookup table user based?

sumangala
Path Finder

Hi,
As we know, a lookup table can be created as global if the file is located at '$SPLUNK_HOME/etc/system/lookups', and can be created for a particular app if the file is present at '$SPLUNK_HOME/etc/apps/app_name/lookups'.
Similarly, can we create a lookup file for each user if the file is present at '$SPLUNK_HOME/etc/users/username/app_name/lookups'?
How can we do this with outputlookup, or is there any way to do this?

0 Karma

woodcock
Esteemed Legend

I would just add a field to a shared lookup called user and then use a REST API call to get the username of the user running the search and then pass in this user value as an input to the lookup.

0 Karma
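
The approach woodcock describes, as an added example that is not part of the original thread: the first search upserts the current user's row in a shared lookup, and the second passes the current username in as the lookup input. The lookup name `user_notes.csv` and the fields `note` and `updated` are hypothetical. The row filter is not access control, since anyone with read access to the lookup can list every row with `| inputlookup`, so this fits non-secret per-user data only.

```spl
| rest /services/authentication/current-context splunk_server=local
| head 1
| rename username AS user
| eval note="constructed sample value", updated=now()
| fields user note updated
| inputlookup append=true user_notes.csv
| dedup user
| outputlookup user_notes.csv

| rest /services/authentication/current-context splunk_server=local
| head 1
| rename username AS user
| fields user
| lookup user_notes.csv user OUTPUT note updated
```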

somesoni2
Revered Legend

The lookup table files created in the path $SPLUNK_HOME/etc/users/username/app_name/lookups are private to the username. The outputlookup command creates a lookup with global sharing in either etc/apps or etc/system/local, depending upon the parameters passed. What is your use case for creating a lookup only for a user?

0 Karma

sumangala
Path Finder

Hi,

We want to create a lookup table to store confidential data of each user who logs into Splunk, like: username, password and some token specific to each user.
So we thought, let's create a private lookup table for each user at this location, $SPLUNK_HOME/etc/users/username/app_name/lookups, so that other users cannot view its content with | inputlookup lookup_file_name.csv.
But currently I saw that this doesn't work. Even after creating the lookup table private to a user, any other user can change the permission of the lookup table: in Settings > Lookups > Lookup table files, the permission can be changed from private to global, and everyone can see the lookup file content.
Is there any way that confidential data can be stored in such a way that no one can access the data?

0 Karma

DalJeanis
Legend

Okay, that's really not aligned with the purpose and architectural assumptions of Splunk lookup tables and CSVs.

So a more accurate statement of your need is: "What options are available to securely store user-specific information in such a way that it is never exposed?"

Since security in Splunk is generally at the role level, that's probably going to require a custom search command... and I don't see right off how to efficiently accomplish it. I'd tend to set the repository up in an external database, probably SQL Server accessed via DBConnect, but that's one of those things where I'd just be using the tools that are most familiar and that I know will be able to do the job. YMMV.

By the way, here's a link to the Splunk SDK for JavaScript code to get the current user...
http://dev.splunk.com/view/javascript-sdk/SP-CAAAEJ8#currentuser

0 Karma

kgup0003
New Member

@DalJeanis I am also looking to change the permissions of the file generated by outputlookup. At the moment, it gives read access globally. So is there a way by which we can restrict it to only some particular group, or even make it private?
Thanks

0 Karma

DalJeanis
Legend

@kgup0003 - please do not post "followup" questions on old posts... This post is nearly two years old. Just ask your new question newly, and link to the old related post to show that you have done your homework.

Brief answer: You can define a lookup in an app, accessible at the app level, and restrict access to that app to particular roles. If you need more information on this, please post a new question with full details of your needs and your use case.

0 Karma

DalJeanis
Legend

If you can't get it done that way, you should be able to use a macro or custom command to set a unique name of the output file for each user by appending the user id.

Here's a link to one method to identify the user.

http://answers.splunk.com/answers/23504/determine-currently-logged-in-username

0 Karma

sumangala
Path Finder

Ya. Creating a lookup file for each individual user can be differentiated by appending the username. But I want to create a private lookup file for each individual user, such that other users shouldn't see the content of other users' lookups. How can I create any type of file or DB or anything so that the data shouldn't be visible to others?

0 Karma