Solved: How can I remove all Power role 'write' privileges...

paimonsoror · ‎07-12-2017

Not sure if this is normal, but I noticed that all Power role users have write access to all lookup files. Is there a capability that i have included that is doing that?

Power Group:
Imports user
capabilities: edit_sourcetypes, embed_report, schedule_search, search_process_config_refresh.

I am looking to make the lookup editor available to users so that they can modify their own lookup tables, but i noticed that power users can edit all lookups including the bundled splunk ones 😮

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

View solution in original post

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

paimonsoror · ‎07-12-2017

Ah ok, makes sense, thought maybe I accidentally included a capability. Thanks!

How can I remove all Power role 'write' privileges from all lookup files

LOOKUPS

LOOKUPS

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk