How to set permission to read ALL knowledge Object...

NightShark · ‎12-04-2023

Hello,

I would like to create a compliance user by allowing read only access to all knowledge objects and dashboards in our Splunk environment. I have allowed read permissions on all apps to that specific role however, me as admin role can view almost double the amount of Alerts, Reports and Dashboards as the compliance role.

What could be the cause here? and what could I be missing? Do I need to edit every single knowledge object and dashboard to allow permission for said role? Is there an easier method of doing this if so?

Thanks,

Regards,

gcusello · ‎12-04-2023

Hi @NightShark ,

check if the not visible knowledge objects are shared or private: admins can see all, other roles cannot see private knowledge objects.

Ciao.

Giuseppe

NightShark · ‎12-04-2023

Hello @gcusello ,

I assume that is the case, is there a capability to allow certain roles to view private knowledge objects? Or another easier method to make them do so?

Thanks,

Regards,

gcusello · ‎12-04-2023

Hi @NightShark ,

only admin, but I don't like to anable to be admin, even if it's a compliance manager, he/she shouldn't access private objects.

Ciao.

Giuseppe

How to set permission to read ALL knowledge Objects

audit

KV Store

splunkd

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?