https://community.splunk.com/t5/Security/User-Data-Access-Control/m-p/119748#M3673 <P>As per my knowledge so far that lookups just do mapping between existing field and external fields from csv file. <BR /> I think with props.conf you can route a subset from firewall/proxy logs to a new index that windows admins have access on it.</P> <P>Regards,<BR /> Ahmed</P> Tue, 27 Jan 2015 18:08:37 GMT aakwah 2015-01-27T18:08:37Z https://community.splunk.com/t5/Security/User-Data-Access-Control/m-p/119747#M3672 <P>I was wondering if anyone has tried to use lookup tables to determine what a user can search against? I'm wanting to allow administrators to have the most knowledge possible about their systems without just giving them "keys to the kingdom". </P> <P>So, for instance, I don't mind if a windows admin searches against the windows event logs and can have unfiltered access there, however I would like him to only see windows servers in the firewall logs &amp; proxy logs.</P> <P>Has anyone tried to use lookup tables as a search filter to contrain user groups search ability?</P> Tue, 27 Jan 2015 14:59:32 GMT https://community.splunk.com/t5/Security/User-Data-Access-Control/m-p/119747#M3672 ltrand 2015-01-27T14:59:32Z https://community.splunk.com/t5/Security/User-Data-Access-Control/m-p/119748#M3673 <P>As per my knowledge so far that lookups just do mapping between existing field and external fields from csv file. <BR /> I think with props.conf you can route a subset from firewall/proxy logs to a new index that windows admins have access on it.</P> <P>Regards,<BR /> Ahmed</P> Tue, 27 Jan 2015 18:08:37 GMT https://community.splunk.com/t5/Security/User-Data-Access-Control/m-p/119748#M3673 aakwah 2015-01-27T18:08:37Z