Reporting

How to add the permission to allow users to change their own reports to global sharing? But at the same time not to delete knowledge object ?

Hemnaath
Motivator

Hi Team,
We got request from a client that he wants users in the test_basic group (role) should be allowed to change his/her reports to global sharing. But at the same time they he do wants the user with test_basic group should not be able to delete the knowledge object of their own app.

I had gone through the below link for enabling a role other than Admin and Power to set permissions and share objects.

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Manageknowledgeobjectpermissions

But when we give write permission to the test_basic user group, then there is a possibility by the user in this group to delete the Knowledge objects for a specific app (search app) which he has a write permission. So in this case how to restrict this group of user to share the object but not to delete it.

Kindly guide me on this.

0 Karma
1 Solution

evsmt
Explorer

Define all Knowledge Objects that may not be deleted as .conf files in the /default directory in the app.

This will only work if you know up front which KO may not be deleted. This will not protect against one user deleting a KO of another user which is shared in the app.

View solution in original post

0 Karma

evsmt
Explorer

Define all Knowledge Objects that may not be deleted as .conf files in the /default directory in the app.

This will only work if you know up front which KO may not be deleted. This will not protect against one user deleting a KO of another user which is shared in the app.

0 Karma

Hemnaath
Motivator

thanks for your effort on this, so it means that I can protect only the KO that are present already in that app is that right.

0 Karma

Hemnaath
Motivator
0 Karma

evsmt
Explorer

Yes, this method protects KO's shipped with the app. I do not know of an other method to achieve your goal.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...