Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to restrict user to create new Alerts

arun_kant_sharm
Path Finder
‎07-23-2019 05:41 PM

Hi Experts,

I create one app for monitoring purpose, in this app I am showing stats and feature of different application.
For search purpose I also added "search" in the navigation menu.
For that app I created different user for watch and monitor. But in the search menu the user have options to save the search as a Alert and forward the events to the mail box using Send Mail in alert.
How I restrict user to create new Alerts, what is the right way to create role and capabilities with different functionality?

Thanks

0 Karma
Reply

renjith_nair
Legend
‎07-24-2019 05:54 AM

@arun_kant_sharma ,

schedule_search is the capability which enables the user to save search as alert.

schedule_search 
    Lets the user schedule saved searches, create and update alerts, and review triggered alert information.

So if you do not want to give schedule_search permissions, create a separate role, add only the required permissions and assign the role to the user.

Refer Table of Splunk platform capabilities for more details about splunk roles & capabilities

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...