How to restrict a user from write access to an alert, but still be able to view the alert schedule and configured email IDs?


Hello All,

We have created a role with restricted user access and assigned the same to a particular user.

That user is able to view the alert, but he/she is unable to view the schedule and the email id's configured to that alert.

How can we provide read only access to the user, who can view the schedule along with the email id's configured, but also ensure that user does not have write access to that alert?

Thanks in advance!

0 Karma


If you want to give access to some information about alerts, you could create a Dashboard for those users using | rest command.
Something like this
| rest /services/saved/searches
And after you can filter results and show fields you want.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!