Deployment Architecture

How to prevent users taking clones of knowledge objects?

mbasharat
Builder

Hi,

I am dealing with a situation where many users in Production are taking clones of knowledge objects e.g. scheduled reports, views etc. How to prevent this? Any settings in the configurations and roles capabilities I can apply to prevent this? Our configuration settings for access controls has read only for users. Write is for developers and admins only. This still does not prevent users from taking clones.

Thanks in advance!!!

0 Karma

richgalloway
SplunkTrust
SplunkTrust

What is the problem with cloning knowledge objects?  Is it possible users find the existing KOs inadequate and are creating better, private instances of them?

---
If this reply helps you, Karma would be appreciated.
0 Karma

mbasharat
Builder

Hi Rich,

The issue is that users are creating clones of KOs and due to the lack of their training and knowledge, they try tweaking the cloned KOs in an un-optimized manner which is causing heavy load on infrastructure. We are asked by management to shutdown the cloning for users with read only access so they are unable to take clones to begin with. Thanks.

0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...