When setting up a custom search command, is it still necessary to set up authorize.conf entries like this in Splunk 4.1?
[capability::run_script_dothething]
[role_Admin]
run_script_dothething = enabled
Or has it been replaced in favor of metadata entries? Like so:
[commands/dothething]
access = read : [ admin ], write : [ admin ]
owner = nobody
export = system
Are these equivalent?
The settings in authorize.conf for controlling access to search commands have been replaced by the settings in the .meta files as of 4.0. The run_script_* settings no longer do anything. (Also note that settings for role_Admin should be role_admin as of 4.0, as the name of the role changes from Admin to admin then.)
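An audit sketch for the answer above, added here and not part of the original thread or Splunk's own tooling: it reads a .meta file for the [commands/...] access lists that now govern search commands, and flags the authorize.conf entries that stopped having any effect in 4.0. The sample file contents are constructed from the stanzas in the question, and the function names are hypothetical.

```python
import re

# Constructed sample inputs mirroring the stanzas in the question above.
AUTHORIZE_CONF = """\
[capability::run_script_dothething]
[role_Admin]
run_script_dothething = enabled
"""
LOCAL_META = """\
[commands/dothething]
access = read : [ admin ], write : [ admin ]
owner = nobody
export = system
"""

def parse_stanzas(text):
    """Minimal .conf/.meta parser: {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def command_acl(meta_text):
    """Map each [commands/<name>] stanza to its read/write role lists."""
    acl = {}
    for name, keys in parse_stanzas(meta_text).items():
        if name.startswith("commands/"):
            perms = re.findall(r"(read|write)\s*:\s*\[([^\]]*)\]", keys.get("access", ""))
            acl[name.split("/", 1)[1]] = {
                perm: [r.strip() for r in roles.split(",") if r.strip()]
                for perm, roles in perms}
    return acl

def stale_authorize_entries(authorize_text):
    """List authorize.conf entries the answer says are obsolete as of 4.0."""
    findings = []
    for name, keys in parse_stanzas(authorize_text).items():
        if name.startswith("capability::run_script_"):
            findings.append(f"[{name}] has no effect")
        if name == "role_Admin":
            findings.append("[role_Admin] should be [role_admin]")
        findings += [f"{name}: {k} has no effect" for k in keys if k.startswith("run_script_")]
    return findings
```

A command stanza with no access line comes back as an empty mapping, which marks it as having no explicit ACL in that file and worth a manual look.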