I wonder if someone can help me please.
We allocate user roles via the authroize.conf file with all the settings needed for each role.
By default, we don't allocate the 'export' function, but where appropriate will allocate in specific circumstances nornmally for a limited time frame.
Could someone tell me please, is there any funtionality within Splunk that allows a role, in this case the 'Export' function, to be removed from a user after a given timeframe has passed?
Many thanks and kind regards
Not to my knowing, but that said does not mean you could create a cron job that modifies the setting for you in authorize.conf and reloads the new config.
Hope that helps ...
View solution in original post
Hi @MuS. Thank you for taking the time to come back to me and for your suggestion.
Not thought of that.
You are welcome!
Sometimes you have to think out of the box to get where you want to be 😉
Feel free to accept this answer and help others 🙂