How can I give read access to all apps for a certa...

ddrillic · ‎10-13-2017

I need to give read access to all apps for a certain role. How can I do that?

hettervik · ‎06-28-2019

Hi! Did you ever find out if there was a way of doing this? I have the same problem.

sbbadri · ‎10-17-2017

create a user role in authorize.conf with proper capabilites. Map the user role with the proper AD group (you belongs to ) in authentication.conf .

optional: you can add this splreadaccess_user in default.meta. Because your role has inherited user and power role. so that you can read all apps.

for e.g,
authorize.conf

[role_splreadaccess_user]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = power;user
srchIndexesAllowed = *
srchIndexesDefault = *
srchMaxTime = 0
use_file_operator = enabled

authentication.conf

splreadaccess_user = adgroup1

DalJeanis · ‎10-13-2017

I'm reading your question as, "I need to set up a role which will have read access on all apps." Did I get that right?

ddrillic · ‎10-13-2017

Absolutely - that's right.

ddrillic · ‎10-16-2017

Any thoughts on that?

agarrison · ‎10-13-2017

I think your looking for something like this,
http://docs.splunk.com/Documentation/Splunk/6.1/admin/Defaultmetaconf
You can set the default permissions for apps.

ddrillic · ‎10-13-2017

Good but I prefer not to get into each single app and do it... if possible ; -)

agarrison · ‎10-17-2017

That defaultmetaconf should apply to all apps unless they have something else specified for the specific app to overwrite that one.

How can I give read access to all apps for a certain role?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases