https://community.splunk.com/t5/Security/permissions-question/m-p/179047#M5317 <P>Does the view belong to the user who marked it private? If they didnt create the view they wont see it after they mark it private because it's private to owner not the person who marks it private.</P> Tue, 27 May 2014 13:41:19 GMT jkat54 2014-05-27T13:41:19Z https://community.splunk.com/t5/Security/permissions-question/m-p/179046#M5316 <P>Hi,</P> <P>Once a view is created and made private, does a power user have the ability to change the permissions? I have some users who can't change permissions after saving the original item as private. </P> Tue, 27 May 2014 13:03:00 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179046#M5316 a212830 2014-05-27T13:03:00Z https://community.splunk.com/t5/Security/permissions-question/m-p/179047#M5317 <P>Does the view belong to the user who marked it private? If they didnt create the view they wont see it after they mark it private because it's private to owner not the person who marks it private.</P> Tue, 27 May 2014 13:41:19 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179047#M5317 jkat54 2014-05-27T13:41:19Z https://community.splunk.com/t5/Security/permissions-question/m-p/179048#M5318 <P>He is listed as the owner, but Permissions link isn't there.</P> Tue, 27 May 2014 14:02:26 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179048#M5318 a212830 2014-05-27T14:02:26Z https://community.splunk.com/t5/Security/permissions-question/m-p/179049#M5319 <P>My guess it's a file permissions issue:</P> <P>If splunkd was running as root when the view was created. That would make the .conf file owned by root. Then if the current owner of splunkd has changed to something like splunk_daemon_service_account, splunkd wouldnt be able to edit the file.</P> Mon, 28 Sep 2020 16:43:54 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179049#M5319 jkat54 2020-09-28T16:43:54Z https://community.splunk.com/t5/Security/permissions-question/m-p/179050#M5320 <P>I think this would reveal the permissions issue if it existed: index=_internal ( source="*splunkd.log" ) ( log_level="ERROR" ) </P> <P>You should see something like "file not found", "permission denied" etc.</P> Mon, 28 Sep 2020 16:43:57 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179050#M5320 jkat54 2020-09-28T16:43:57Z https://community.splunk.com/t5/Security/permissions-question/m-p/179051#M5321 <P>Roles are implemented within Splunk with different capabilities : <A href="http://docs.splunk.com/Documentation/Splunk/6.1.1/Security/Rolesandcapabilities#List_of_available_capabilities">http://docs.splunk.com/Documentation/Splunk/6.1.1/Security/Rolesandcapabilities#List_of_available_capabilities</A></P> <P>If the power user you're talking about has the proper capability, (s)he'll be able to change Permissions.</P> <P>Another possibility is to do that directly by editing the .conf files within the user's directory.</P> Tue, 27 May 2014 15:30:44 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179051#M5321 ofrachon 2014-05-27T15:30:44Z https://community.splunk.com/t5/Security/permissions-question/m-p/179052#M5322 <P>Bingo. We implemented new roles with 6.1.1 and this user was put in a different role. All set. Thanks.</P> Tue, 27 May 2014 16:51:43 GMT https://community.splunk.com/t5/Security/permissions-question/m-p/179052#M5322 a212830 2014-05-27T16:51:43Z