Reporting

How to add the permission to allow users to change their own reports to global sharing? But at the same time not to delete knowledge object ?

Hemnaath
Motivator

Hi Team,
We got request from a client that he wants users in the test_basic group (role) should be allowed to change his/her reports to global sharing. But at the same time they he do wants the user with test_basic group should not be able to delete the knowledge object of their own app.

I had gone through the below link for enabling a role other than Admin and Power to set permissions and share objects.

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Manageknowledgeobjectpermissions

But when we give write permission to the test_basic user group, then there is a possibility by the user in this group to delete the Knowledge objects for a specific app (search app) which he has a write permission. So in this case how to restrict this group of user to share the object but not to delete it.

Kindly guide me on this.

0 Karma
1 Solution

evsmt
Explorer

Define all Knowledge Objects that may not be deleted as .conf files in the /default directory in the app.

This will only work if you know up front which KO may not be deleted. This will not protect against one user deleting a KO of another user which is shared in the app.

View solution in original post

0 Karma

evsmt
Explorer

Define all Knowledge Objects that may not be deleted as .conf files in the /default directory in the app.

This will only work if you know up front which KO may not be deleted. This will not protect against one user deleting a KO of another user which is shared in the app.

0 Karma

Hemnaath
Motivator

thanks for your effort on this, so it means that I can protect only the KO that are present already in that app is that right.

0 Karma

Hemnaath
Motivator
0 Karma

evsmt
Explorer

Yes, this method protects KO's shipped with the app. I do not know of an other method to achieve your goal.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...