topic Re: Restrict index access using Eventtype in Security https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374883#M9253 <P>You could do that with the "Restrict Search terms" field within a role:</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/3142i51AF8316D67149B5/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Fri, 30 Jun 2017 02:07:49 GMT kmorris_splunk 2017-06-30T02:07:49Z Restrict index access using Eventtype https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374881#M9251 <P>We have over 1000 users, we are using Active Directory, Mapping groups to Roles, and we have 100's of indexes. We need to restrict access to indexes due to sensitive data. Our plan is to use "roles" and restrict the role by Event types. Those Event Types will map to certain indexes using wildcards. The question is: a) is there a better way and b) will this negatively impact performance.</P> Thu, 29 Jun 2017 21:25:36 GMT https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374881#M9251 santiagn 2017-06-29T21:25:36Z Re: Restrict index access using Eventtype https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374882#M9252 <BLOCKQUOTE> <P>Our plan is to use "roles" and restrict the role by Event types.<BR /> How do you do that?</P> </BLOCKQUOTE> <P>Eventtypes were designed for categorization - so it might be a good choice ; -) </P> Fri, 30 Jun 2017 00:52:24 GMT https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374882#M9252 ddrillic 2017-06-30T00:52:24Z Re: Restrict index access using Eventtype https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374883#M9253 <P>You could do that with the "Restrict Search terms" field within a role:</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/3142i51AF8316D67149B5/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Fri, 30 Jun 2017 02:07:49 GMT https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374883#M9253 kmorris_splunk 2017-06-30T02:07:49Z Re: Restrict index access using Eventtype https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374884#M9254 <P>will this affect performance at all? slower searches etc?</P> Wed, 05 Jul 2017 14:17:02 GMT https://community.splunk.com/t5/Security/Restrict-index-access-using-Eventtype/m-p/374884#M9254 santiagn 2017-07-05T14:17:02Z