Security

Default permissions for searches/tags/eventtypes/etc.

Communicator

Is it possible to set a default permission for searches/eventtypes/tags/field extractions/etc.? When we're creating these various objects we usually immediately change the permissions from private to application (search). Is there a way this can be done by default or automatically?

Tags (1)

Explorer
0 Karma

Explorer

Listen up Splunk guys. The permissions screens need a bulk change option or some check boxes to apply similar settings to multiple objects. Sharing a dashboard after creating all the extractions, searches, and views can be painful in the UI.

E.

Communicator

This post was made close to a year ago.

We would very very much like this feature. Right now, we have to manually go through every single object - one by one, to even verify that the permissions are what they should be.

It is extremely painful and time consuming.

Splunk Employee
Splunk Employee

as far as i know, it is not possible through the UI

You could create the .conf files under the wanted app by editing the configs manually. Then they will be explicit to the app (user or system) as you desire.

/etc/apps/your-app/local vs /etc/users/your-user/your-app/local vs /etc/system/local

Cheers!

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!