Default permissions for searches/tags/eventtypes/e...

nocostk · ‎04-20-2011

Is it possible to set a default permission for searches/eventtypes/tags/field extractions/etc.? When we're creating these various objects we usually immediately change the permissions from private to application (search). Is there a way this can be done by default or automatically?

oestreicher · ‎04-18-2013

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Apparchitectureandobjectownership

Edub · ‎04-26-2011

Listen up Splunk guys. The permissions screens need a bulk change option or some check boxes to apply similar settings to multiple objects. Sharing a dashboard after creating all the extractions, searches, and views can be painful in the UI.

E.

Ricapar · ‎04-16-2013

This post was made close to a year ago.

We would very very much like this feature. Right now, we have to manually go through every single object - one by one, to even verify that the permissions are what they should be.

It is extremely painful and time consuming.

Genti · ‎04-20-2011

as far as i know, it is not possible through the UI

You could create the .conf files under the wanted app by editing the configs manually. Then they will be explicit to the app (user or system) as you desire.

/etc/apps/your-app/local vs /etc/users/your-user/your-app/local vs /etc/system/local

Cheers!

Default permissions for searches/tags/eventtypes/etc.

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio