Hello All
What is the best practice for assigning ownership of shared search assets? (Dashboard used by the whole team for example.)
I don't want to set it to a specific user. I would then have to worry about concurrent search quotas. Do I assign it to nobody (doesn't sound like a good idea.) Do I assign it to a system user (Is there a system user?).
Also, search accounts would not be preferred since that would mean another shared account with a shared password to manage.
Thanks,
Generally we create a role with higher quota for owners of such shared artifacts, in order to avoid search quota issue. Assigning owner as nobody makes it run as system user (splunk-system-user to be specific) which have high limit but is a hard-coded value (can't be increased/decreased). You can also increase quota for a user but that will enforce dependency on a user.
@nirmalrajneupane, Have you had a chance to read these pages in the documentation about users and roles, as well as roles and capabilities?
http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/Aboutusersandroles
http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/Rolesandcapabilities
@lfedak
Read the documents. Don't think it answers my questions.
So are you recommending creating a user with required privileges to own the dashboards. Is that what is mostly done? We want to avoid using shared accounts with shared password. But if this is the only option, I can understand.
Thanks,
Nirmal