https://community.splunk.com/t5/Security/How-can-we-specify-authorization-at-data-input-level/m-p/16059#M11843 <P>How can we specify authorization at data input source level? Like I created a TCP source, but I want it to be available (while searching) to a specific group/role/user only. Not for everyone.</P> Thu, 24 Jun 2010 05:15:55 GMT alankar 2010-06-24T05:15:55Z https://community.splunk.com/t5/Security/How-can-we-specify-authorization-at-data-input-level/m-p/16059#M11843 <P>How can we specify authorization at data input source level? Like I created a TCP source, but I want it to be available (while searching) to a specific group/role/user only. Not for everyone.</P> Thu, 24 Jun 2010 05:15:55 GMT https://community.splunk.com/t5/Security/How-can-we-specify-authorization-at-data-input-level/m-p/16059#M11843 alankar 2010-06-24T05:15:55Z https://community.splunk.com/t5/Security/How-can-we-specify-authorization-at-data-input-level/m-p/16060#M11844 <P>You could specify a custom index within the input configuration. For example:</P> <PRE><CODE>[monitor:///var/log/custom.log] index = special </CODE></PRE> <P>You can then create a custom role which allows only access to this index by modifying authorize.conf:</P> <PRE><CODE>[role_custom] importRoles = user srchIndexesDefault = special srchIndexesAllowed = special </CODE></PRE> <P>To ensure other roles are unable to access this special index, you should verify that the srchIndexes* settings do not specify * or the special index.</P> Thu, 24 Jun 2010 05:25:06 GMT https://community.splunk.com/t5/Security/How-can-we-specify-authorization-at-data-input-level/m-p/16060#M11844 the_wolverine 2010-06-24T05:25:06Z