Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Automatic Role Removal

IRHM73
Motivator
‎09-06-2019 02:59 AM

Hi,

I wonder if someone can help me please.

We allocate user roles via the authroize.conf file with all the settings needed for each role.

By default, we don't allocate the 'export' function, but where appropriate will allocate in specific circumstances nornmally for a limited time frame.

Could someone tell me please, is there any funtionality within Splunk that allows a role, in this case the 'Export' function, to be removed from a user after a given timeframe has passed?

Many thanks and kind regards

Chris

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎09-06-2019 03:11 AM

Hi IRHM73,

Not to my knowing, but that said does not mean you could create a cron job that modifies the setting for you in authorize.conf and reloads the new config.

Hope that helps ...

cheers, MuS

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎09-06-2019 03:11 AM

Hi IRHM73,

Not to my knowing, but that said does not mean you could create a cron job that modifies the setting for you in authorize.conf and reloads the new config.

Hope that helps ...

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

IRHM73
Motivator
‎09-06-2019 03:41 AM

Hi @MuS. Thank you for taking the time to come back to me and for your suggestion.

Not thought of that.

Many thanks and kind regards

Chris

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎09-06-2019 03:56 AM

You are welcome!

Sometimes you have to think out of the box to get where you want to be 😉

Feel free to accept this answer and help others 🙂

cheers, MuS

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...