Reporting

Permission issue in Alerts created in Search & Reporting App

anandhalagarasa
Path Finder

In Splunk Cloud a user (A) has created multiple alerts (around 50+ alerts) in the Search & Reporting App and he has been assigned as an admin role. Similarly a same guy from his team (B) has been assigned to the same role (admin) but he cant able to edit the search which has been created by (A) and the only option it is available for him is "Clone" or "Embed".

So in a single shot can we able to change the permissions for all the alerts which has been created by (A) user so that (B) can able to edit or write the search query.

I navigated to Manage Apps and checked into "Search & Reporting App" and then i have provided the write permission for the admins and saved it and also reloaded the authentication but still (B) user cant able to edit the query which has been created by (A).

So is there any way to change the write permissions in one shot for the alerts which has been created in the "Search & Reporting App" by (A) so that (B) can able to modify the query and save it.

Tags (1)
0 Karma

anandhalagarasa
Path Finder

Kindly help on this request.

0 Karma

anandhalagarasa
Path Finder

Can anyone help on the request

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...