Solved: How can I remove all Power role 'write' privileges...

paimonsoror · ‎07-12-2017

Not sure if this is normal, but I noticed that all Power role users have write access to all lookup files. Is there a capability that i have included that is doing that?

Power Group:
Imports user
capabilities: edit_sourcetypes, embed_report, schedule_search, search_process_config_refresh.

I am looking to make the lookup editor available to users so that they can modify their own lookup tables, but i noticed that power users can edit all lookups including the bundled splunk ones 😮

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

View solution in original post

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

paimonsoror · ‎07-12-2017

Ah ok, makes sense, thought maybe I accidentally included a capability. Thanks!

How can I remove all Power role 'write' privileges from all lookup files

LOOKUPS

LOOKUPS

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

How can I remove all Power role 'write' privileges from all lookup files

LOOKUPS

LOOKUPS

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem