topic Create a read only lookup table in Security https://community.splunk.com/t5/Security/Create-a-read-only-lookup-table/m-p/506152#M11583 <P>I have a user which needs to be able to write one specific lookup table which has to be shared globally. I have to control with the permission settings on the lookup&nbsp; as I have several users/roles where each role has to grant write access to a different lookup table.<BR /><BR />What i have observed so far:<BR />in order to be able to write a lookup table with <STRONG>| outputlookup xxxx.csv,</STRONG> the user needs the capability<STRONG> <SPAN>output_file</SPAN></STRONG>. This capability is be default granted trough the predefined user role.<BR /><BR />With the capability <STRONG><SPAN>output_file</SPAN></STRONG>, the permission configured in local.meta is ignored,&nbsp; outputlookup writes happily any lookup file, regardless of the permission, even files which don't exist.</P><P>&nbsp;</P><P>What i am missing here?</P> Thu, 25 Jun 2020 13:44:34 GMT FritzWittwer 2020-06-25T13:44:34Z Create a read only lookup table https://community.splunk.com/t5/Security/Create-a-read-only-lookup-table/m-p/506152#M11583 <P>I have a user which needs to be able to write one specific lookup table which has to be shared globally. I have to control with the permission settings on the lookup&nbsp; as I have several users/roles where each role has to grant write access to a different lookup table.<BR /><BR />What i have observed so far:<BR />in order to be able to write a lookup table with <STRONG>| outputlookup xxxx.csv,</STRONG> the user needs the capability<STRONG> <SPAN>output_file</SPAN></STRONG>. This capability is be default granted trough the predefined user role.<BR /><BR />With the capability <STRONG><SPAN>output_file</SPAN></STRONG>, the permission configured in local.meta is ignored,&nbsp; outputlookup writes happily any lookup file, regardless of the permission, even files which don't exist.</P><P>&nbsp;</P><P>What i am missing here?</P> Thu, 25 Jun 2020 13:44:34 GMT https://community.splunk.com/t5/Security/Create-a-read-only-lookup-table/m-p/506152#M11583 FritzWittwer 2020-06-25T13:44:34Z