Disable Report Acceleration for Specific Roles - however do not disable report scheduling?

t9445
Path Finder

[We're running v6.0.1]

Hi, quick question please, from the documentation if we want to disable a user-role from being able to enable report-acceleration on saved-searches -- we have to disable the schedule_search capability as well.

e.g. from the docs -- schedule_search: Schedule saved searches, create and update alerts, review triggered alert information, and turn on report acceleration for searches.

However, is there a way to allow a user-role to schedule saved searches, etc. - however NOT be able to enable report-acceleration on their searches?

Appreciate any tips

thanks


drrushi_splunk
Splunk Employee

A new capability was introduced in version 6.1 which specifically enables/disables the accelerate feature.
In authorize.conf or via the UI role management page you could set the 'accelerate_search' capability.
In previous versions there is not an easy way to disable this option.
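
An audit sketch for the setup described in this answer, added here as an example that is not part of the original thread or Splunk's own code: it reads authorize.conf text, follows `importRoles` inheritance, and reports which roles that can schedule searches also end up with `accelerate_search`. The role names and sample config are constructed; it assumes the input is the merged configuration (for example the output of `splunk btool authorize list`) on 6.1 or later.

```python
import configparser

# Constructed sample authorize.conf; the role names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_report_scheduler]
schedule_search = enabled
search = enabled

[role_report_builder]
importRoles = report_scheduler
accelerate_search = enabled

[role_analyst]
importRoles = report_builder;user

[role_user]
search = enabled
"""

def load_roles(text):
    """Return {role: (directly enabled capabilities, imported role names)}."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep key case so importRoles is matched exactly
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if not section.startswith("role_"):
            continue
        items = dict(cp.items(section))
        imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
        caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
        roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_caps(role, roles, seen=None):
    """Capabilities of a role including those inherited through importRoles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # import cycle or undefined role
        return set()
    seen.add(role)
    caps, imports = roles[role]
    return caps.union(*(effective_caps(p, roles, seen) for p in imports))

def audit(text):
    """Map each role that can schedule searches to whether it can also accelerate."""
    roles = load_roles(text)
    eff = {r: effective_caps(r, roles) for r in roles}
    return {r: "accelerate_search" in c for r, c in eff.items() if "schedule_search" in c}
```

A role mapped to `True` picks up acceleration either directly or from a role it imports, so the inherited case (`analyst` in the sample) is the one to look for.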
