I was wondering if there is a way to have ALL reports and alerts visible to only specified users? For example, I would like all my administrators to have access to any and every report/alert, but I do not want regular users to be able to view them at all (as if they don't even exist).
If someone can help that would be greatly appreciated.
Thanks in advance!
HI,
you just have to set up a role in Access Control, set up an app, share Alerts only with this app, and grand right to see the app for certain users by adding them to the role
See also https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/AlertPermissions
HI,
you just have to set up a role in Access Control, set up an app, share Alerts only with this app, and grand right to see the app for certain users by adding them to the role
See also https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/AlertPermissions
HI did you try that?
For this I assume I would need to go to each individual alert and manually share it?
That would be the way. There is no way to assign them new in a bulk.
Thank you. There are hundreds of reports/alerts so it will take some time to implement.
If you could accept the answer that would be great 🙂