How to restrict users from creating new alerts

arun_kant_sharm
Path Finder

Hi Experts,

I created an app for monitoring purposes; in this app I am showing stats and features of different applications.
For search purposes I also added "search" to the navigation menu.
For that app I created different users to watch and monitor. But in the search menu the users have the option to save the search as an alert and forward the events to a mailbox using Send Mail in the alert.
How do I restrict users from creating new alerts? What is the right way to create roles and capabilities with different functionality?

Thanks

0 Karma

renjith_nair
SplunkTrust

@arun_kant_sharma ,

schedule_search is the capability which enables the user to save a search as an alert.

schedule_search 
    Lets the user schedule saved searches, create and update alerts, and review triggered alert information.

So if you do not want to give schedule_search permissions, create a separate role, add only the required permissions and assign the role to the user.

Refer to the Table of Splunk platform capabilities for more details about Splunk roles and capabilities.

Happy Splunking!
0 Karma