How to give a user access "full control" over his ...

demodav · ‎01-08-2016

I want the ability to grant a user access to his forwarder inputs on the configure server, so that he can add Windows event Logs, Files & Directories, Windows Performance Monitoring, TCP, UDP, & Scripts to his forwarder. However, I want to limit it where he does not have access to any other of the forwarders. How can I achieve this?

renjith_nair · ‎01-08-2016

If you are talking about the data visibility, then forward the data to different indexes and set the user permission only to his index.
About the forwarders, are you setting up multiple forwarders on same machine? If not, the access restrictions should be at machine level

---
What goes around comes around. If it helps, hit it with Karma 🙂

demodav · ‎01-11-2016

No, not just visibility, but manageability. Within the Configure server. I want to grant admin privileges to only 1 index. So that the team can manage their own forwarder, but not have access to others on the system.

renjith_nair · ‎01-11-2016

I'm sorry I didn't get that quite clear. If i understand correctly, you have a config server and you have multiple forwarders on that for different teams and you want to separate it so that each team handles their own inputs.
So do you have multiple forwarders on the config server or just one forwarders which forwards data from different inputs?

---
What goes around comes around. If it helps, hit it with Karma 🙂

How to give a user access "full control" over his forwarder inputs on the configure server, but restrict access to any other forwarders?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector