I am creating a couple of apps in splunk and have one group that needs access to both apps and one group that needs access to only one. I assume this takes place in local.meta? Is it the access= param that I want to manipulate?
Hi @brent_weaver, answers to this similar post explain how you can create roles to limit the permissions for these apps with Splunk web. https://answers.splunk.com/answers/69183/can-i-restrict-users-accessing-other-apps.html
This documentation explains how to do it with authorize.conf and has the syntax for adding roles through $SPLUNK_HOME/etc/system/local/authorize.conf: http://docs.splunk.com/Documentation/Splunk/6.6.2/Security/Addandeditroleswithauthorizeconf