https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544550#M12158 <P>I am the admin who has access to that app.&nbsp; The issue is that we do NOT want to give read access to the app for new custom role, but we want them to be able to query the Lookup.</P> Fri, 19 Mar 2021 17:19:32 GMT dglass0215 2021-03-19T17:19:32Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544531#M12153 <P>Hello,&nbsp;</P><P>&nbsp;</P><P>I am trying to figure out which Role Capability controls being able to use a lookup in a query.&nbsp; If I select all the capabilities then the role certainly can query a lookup.&nbsp; However if I select only the capabilities that I want the role to have, they lose the ability to query the lookup.&nbsp; Looking at the documentation (<A href="https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/Rolesandcapabilities" target="_blank" rel="noopener">https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/Rolesandcapabilities</A>) it does not specify which capability allows for the querying of a lookup.</P><P>Thanks!</P><P>David</P> Fri, 19 Mar 2021 15:48:23 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544531#M12153 dglass0215 2021-03-19T15:48:23Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544532#M12154 <P>HI&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/117218">@dglass0215</a>&nbsp;,</P><P>It depends on what permission you will give to the lookup file. If you give only admin and power user roles to read and write the lookup. Then the user needs a power user role to access the lookup files.</P><P>But if you give read access for everyone. Then user role will be sufficient to access the lookup in the query.</P><P>&nbsp;</P> Fri, 19 Mar 2021 15:53:03 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544532#M12154 Vardhan 2021-03-19T15:53:03Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544533#M12155 <P>The lookup has Read permission for Everyone (including the custom Role I am having issues with).&nbsp;&nbsp;</P><P>Thanks!</P><P>David</P> Fri, 19 Mar 2021 16:07:58 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544533#M12155 dglass0215 2021-03-19T16:07:58Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544536#M12156 <P>I think I found the problem but I do not know the solution.&nbsp; While I have given read permission to the lookup specifically for the custom Role, the role does not have permission to the app that created the lookup.&nbsp; Not sure what I can do.&nbsp; I definitely DO NOT want the role to have access to the app but I need the role to be able to query the lookup.</P><P>&nbsp;</P><P>Thanks!</P><P>David</P> Fri, 19 Mar 2021 16:22:05 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544536#M12156 dglass0215 2021-03-19T16:22:05Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544549#M12157 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/117218">@dglass0215</a>&nbsp;,</P><P>&nbsp;</P><P>Ask someone who has access to that app to provide read permission to your custom role.</P> Fri, 19 Mar 2021 17:15:15 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544549#M12157 Vardhan 2021-03-19T17:15:15Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544550#M12158 <P>I am the admin who has access to that app.&nbsp; The issue is that we do NOT want to give read access to the app for new custom role, but we want them to be able to query the Lookup.</P> Fri, 19 Mar 2021 17:19:32 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544550#M12158 dglass0215 2021-03-19T17:19:32Z https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544569#M12159 <P>So, you should move the lookup to an app that both users have access. Your lookup level permissions will prevent unwanted access.</P> Fri, 19 Mar 2021 20:14:57 GMT https://community.splunk.com/t5/Security/Role-Capability-to-Query-Lookup/m-p/544569#M12159 scelikok 2021-03-19T20:14:57Z