Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk setting roles

standias
Explorer
‎11-24-2010 08:39 AM

Hi,

I want to set role in Splunk such that user is restricted to only searching. NO admin privileges..

Manager>Roles

Role:

Capabilities:

   search

Index:

   muncher

Is only setting search enough under capabilities to restrict user to only searching for index muncher? Also if i want user to be able to create report/schedule search... will this capability allow that or I have to set additional capabilities.

get_typeahead? what exactly is this.. Does it autocomplete previously entered queries?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Rob
Splunk Employee
Splunk Employee
‎11-24-2010 02:53 PM

You may want to include the following two capabilities for the user as well...

rest_properties_get

get_metadata

The first will allow the user to login without getting an Authorization error (assuming you are using the default Splunk authentication system) and the second will show the data in the search summary page.

schedule_search is the capability you will want to add for users to schedule searches. The reporting functionality is already enabled with the search capability.

get_typeahead within Splunk returns typeahead on a specified prefix. This works as the auto-complete on previous searches and could potentially reveal sensitive information.

For more information on role capabilities, you may want to refer to the admin documentation located at http://www.splunk.com/base/Documentation/4.1.5/Admin/Addusersandassignroles#List_of_available_capabi...

View solution in original post

Reply
Solved! Jump to solution
Solution

Rob
Splunk Employee
Splunk Employee
‎11-24-2010 02:53 PM

You may want to include the following two capabilities for the user as well...

rest_properties_get

get_metadata

The first will allow the user to login without getting an Authorization error (assuming you are using the default Splunk authentication system) and the second will show the data in the search summary page.

schedule_search is the capability you will want to add for users to schedule searches. The reporting functionality is already enabled with the search capability.

get_typeahead within Splunk returns typeahead on a specified prefix. This works as the auto-complete on previous searches and could potentially reveal sensitive information.

For more information on role capabilities, you may want to refer to the admin documentation located at http://www.splunk.com/base/Documentation/4.1.5/Admin/Addusersandassignroles#List_of_available_capabi...

Reply
Solved! Jump to solution

sh1pit76
Explorer
‎10-08-2019 10:53 AM

I know this post is a bit old, but I'm curious what you meant when you said get_typeahead "could potentially reveal sensitive information." Can you give me an example when this would expose sensitive information? I was under the impression that get_typeahead works by comparing your search syntax to those you've entered previously. If this is true, wouldn't get_typeahead only reveal already known information to the user?

Thanks
Jason

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...