https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424157#M51765 <P>Is it possible to obfuscate lookups that users are do not have access to? I don't think it makes sense to display lookups and kv-stores that the users don't have access to edit. Also they're able to open them in the viewer which may be a bit of a security breach. </P> <P>We would like our users to only see what they can edit. </P> Thu, 24 Jan 2019 21:06:21 GMT ktatis268 2019-01-24T21:06:21Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424157#M51765 <P>Is it possible to obfuscate lookups that users are do not have access to? I don't think it makes sense to display lookups and kv-stores that the users don't have access to edit. Also they're able to open them in the viewer which may be a bit of a security breach. </P> <P>We would like our users to only see what they can edit. </P> Thu, 24 Jan 2019 21:06:21 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424157#M51765 ktatis268 2019-01-24T21:06:21Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424158#M51766 <P>If you modify the permissions of the lookup and remove read access from that user's role then they will not be able to see it in the list of available lookups.</P> Thu, 24 Jan 2019 22:15:20 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424158#M51766 dflodstrom 2019-01-24T22:15:20Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424159#M51767 <P>That suggestion is, unfortunately, a non-stater in our environment. We have multiple SHCs all of which have over 300+ lookup files... Most of these lookups are the ones that come baked-in with other apps/TAs. </P> <P>There has to be a better way of obfuscating those files. The stanza below is not helping as I'd hoped. </P> <P>[lookups]<BR /> access = read : [ ] , write : [ admin ]</P> Thu, 31 Jan 2019 14:47:27 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424159#M51767 ktatis268 2019-01-31T14:47:27Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424160#M51768 <P>Seeing only what you can edit is not very helpful, IMO. Users must have read access to the lookup files needed for their dashboards and reports. Without read access, users will see "lookup file not found" errors.<BR /><BR /> Only those few (typically admins) trusted to make changes to a lookup should have write access.</P> Thu, 31 Jan 2019 15:51:08 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424160#M51768 richgalloway 2019-01-31T15:51:08Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424161#M51769 <P>If you only want those with write access to have read access then it shouldn't be that difficult to add this to all of the apps with lookups you want to hide. I'm not suggesting doing this one-by-one by hand but manipulating the permissions with metadata seems to be how this is done.</P> Thu, 31 Jan 2019 15:56:39 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Modifying-Permissions-for-Lookup-Files-viewed-in-the-App/m-p/424161#M51769 dflodstrom 2019-01-31T15:56:39Z