Solved: How can I remove all Power role 'write' privileges...

paimonsoror · ‎07-12-2017

Not sure if this is normal, but I noticed that all Power role users have write access to all lookup files. Is there a capability that i have included that is doing that?

Power Group:
Imports user
capabilities: edit_sourcetypes, embed_report, schedule_search, search_process_config_refresh.

I am looking to make the lookup editor available to users so that they can modify their own lookup tables, but i noticed that power users can edit all lookups including the bundled splunk ones 😮

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

View solution in original post

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

paimonsoror · ‎07-12-2017

Ah ok, makes sense, thought maybe I accidentally included a capability. Thanks!

How can I remove all Power role 'write' privileges from all lookup files

LOOKUPS

LOOKUPS

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?

How can I remove all Power role 'write' privileges from all lookup files

LOOKUPS

LOOKUPS

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25