Hi,
I have many savedsearches running in my environment that are regularly writing data to summary indexes and metric store. And some savedsearches that are just meant to perform the basic search function.
I have restricted savedsearches read access to all users in the environment except those who belong to the admin role. However I would like to grant read access to some savedsearches to a specific role/group. I tried the below however that does not work. The users given access to the search -Summary_Find cant see any savedsearches.
[savedsearches]
access = read : [ dev, admin, power ], write : [ admin, power, dev ]
export = none
[savedsearches/Summary_Find]
access = read : [ admin, business_admin, dev, support, power ], write : [ admin, dev, power ]
export = none
owner = nobody
Please do let me know if there is a solution to do this in Splunk.
Go to Settings
-> Searches, reports, and alerts
, select All
for every dropdown and search for your search in the search box. When you find it, click the Edit permissions
item in the Edit
link, modify to suit, and click Save
.
@rijutha
you can provide access on a particular roles directly by editing permission of a report on Splunk UI.
@vishaltaneja07011993 Thanks. I was looking for an easy way to do this instead of setting individual permissions for every searche. I have 73 of them. And I only want some searches about 3-4 to be given read access to used other than admin/power/dev.