Solved: How do you restrict the visibility of reports and ...

mnakhuda · ‎01-23-2019

I was wondering if there is a way to have ALL reports and alerts visible to only specified users? For example, I would like all my administrators to have access to any and every report/alert, but I do not want regular users to be able to view them at all (as if they don't even exist).

If someone can help that would be greatly appreciated.

Thanks in advance!

dkeck · ‎01-23-2019

HI,

you just have to set up a role in Access Control, set up an app, share Alerts only with this app, and grand right to see the app for certain users by adding them to the role

See also https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/AlertPermissions

View solution in original post

dkeck · ‎01-23-2019

HI,

you just have to set up a role in Access Control, set up an app, share Alerts only with this app, and grand right to see the app for certain users by adding them to the role

See also https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/AlertPermissions

dkeck · ‎01-23-2019

HI did you try that?

mnakhuda · ‎01-24-2019

For this I assume I would need to go to each individual alert and manually share it?

dkeck · ‎01-24-2019

That would be the way. There is no way to assign them new in a bulk.

mnakhuda · ‎01-24-2019

Thank you. There are hundreds of reports/alerts so it will take some time to implement.

dkeck · ‎01-24-2019

If you could accept the answer that would be great 🙂

How do you restrict the visibility of reports and alerts?

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!

Are you a member of the Splunk Community?

How do you restrict the visibility of reports and alerts?

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!