Solved: Lookup File Editor App: How can a Splunk user with...

VeEn · ‎12-11-2015

Hi,

We have the problem that we want Splunk users to be able to change existing CSV files, but every time a user with a user role wants to change a field, the editor returns the forbidden-error, even if the user created the file.

So far I tried fidgeting with the rights of the path and the specific file, but without any effect.

Is there some configuration wrong or is there a way to achieve this?

Best regards,
Verena

hortonew · ‎12-11-2015

You should be able to grant access via default or local.meta in the metadata folder. For instance, the following would allow write access to admins and the group mySplunkEditorGroup for all objects as part of an app.

[]
access = read : [ * ], write : [admin,mySplunkEditorGroup]
export = system

View solution in original post

hortonew · ‎12-11-2015

You should be able to grant access via default or local.meta in the metadata folder. For instance, the following would allow write access to admins and the group mySplunkEditorGroup for all objects as part of an app.

[]
access = read : [ * ], write : [admin,mySplunkEditorGroup]
export = system

VeEn · ‎12-14-2015

It was default.meta and it works. Thanks!

Lookup File Editor App: How can a Splunk user with only a user role make changes to existing CSV files?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?