<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Field Extraction Restriction in Security</title>
    <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463437#M10792</link>
    <description>&lt;P&gt;@solarboyz1 -What is the name of capability that can control write access to the apps? Could you please share&lt;/P&gt;</description>
    <pubDate>Wed, 28 Aug 2019 14:57:05 GMT</pubDate>
    <dc:creator>rashi83</dc:creator>
    <dc:date>2019-08-28T14:57:05Z</dc:date>
    <item>
      <title>Field Extraction Restriction</title>
      <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463435#M10790</link>
      <description>&lt;P&gt;Hi, &lt;BR /&gt;
I want to restrict field extraction capability to users in Splunk system. I want to provide this capability just to Admin users. &lt;BR /&gt;
If this is not possible , can users create private extractions and only admin can make them global - just trying to put control around the splunk system,&lt;/P&gt;

&lt;P&gt;thoughts?&lt;/P&gt;</description>
      <pubDate>Fri, 23 Aug 2019 19:43:27 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463435#M10790</guid>
      <dc:creator>rashi83</dc:creator>
      <dc:date>2019-08-23T19:43:27Z</dc:date>
    </item>
    <item>
      <title>Re: Field Extraction Restriction</title>
      <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463436#M10791</link>
      <description>&lt;P&gt;&lt;EM&gt;can users create private extractions and only admin can make them global&lt;/EM&gt; &lt;/P&gt;

&lt;P&gt;This is exactly how it works.  As long as the users do not have &lt;STRONG&gt;write access&lt;/STRONG&gt; to the apps, they will only be able to create private objects.&lt;/P&gt;</description>
      <pubDate>Fri, 23 Aug 2019 20:05:03 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463436#M10791</guid>
      <dc:creator>solarboyz1</dc:creator>
      <dc:date>2019-08-23T20:05:03Z</dc:date>
    </item>
    <item>
      <title>Re: Field Extraction Restriction</title>
      <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463437#M10792</link>
      <description>&lt;P&gt;@solarboyz1 -What is the name of capability that can control write access to the apps? Could you please share&lt;/P&gt;</description>
      <pubDate>Wed, 28 Aug 2019 14:57:05 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463437#M10792</guid>
      <dc:creator>rashi83</dc:creator>
      <dc:date>2019-08-28T14:57:05Z</dc:date>
    </item>
    <item>
      <title>Re: Field Extraction Restriction</title>
      <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463438#M10793</link>
      <description>&lt;P&gt;Its not a capability, it's permissions on the app.&lt;/P&gt;

&lt;P&gt;App dropdown -&amp;gt; Manage Apps -&amp;gt; {Selected App} Permissions&lt;/P&gt;

&lt;P&gt;It lists the roles, and if the have read and/or write permissions.&lt;/P&gt;</description>
      <pubDate>Wed, 28 Aug 2019 15:04:44 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463438#M10793</guid>
      <dc:creator>solarboyz1</dc:creator>
      <dc:date>2019-08-28T15:04:44Z</dc:date>
    </item>
    <item>
      <title>Re: Field Extraction Restriction</title>
      <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463439#M10794</link>
      <description>&lt;P&gt;thanks , so I have READ permission to Everyone and Write permission to Admin and Power user only. &lt;BR /&gt;
But Still I see "normal user" can create global field extractions.&lt;/P&gt;</description>
      <pubDate>Wed, 28 Aug 2019 15:54:49 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463439#M10794</guid>
      <dc:creator>rashi83</dc:creator>
      <dc:date>2019-08-28T15:54:49Z</dc:date>
    </item>
    <item>
      <title>Re: Field Extraction Restriction</title>
      <link>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463440#M10795</link>
      <description>&lt;P&gt;&lt;A href="https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Apparchitectureandobjectownership"&gt;https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Apparchitectureandobjectownership&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;To make an object &lt;EM&gt;global&lt;/EM&gt; the user requires the capability:&lt;/P&gt;

&lt;P&gt;&lt;CODE&gt;admin_all_objects capability&lt;/CODE&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 28 Aug 2019 16:05:22 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Security/Field-Extraction-Restriction/m-p/463440#M10795</guid>
      <dc:creator>solarboyz1</dc:creator>
      <dc:date>2019-08-28T16:05:22Z</dc:date>
    </item>
  </channel>
</rss>

