Hi,
I want to restrict field extraction capability to users in Splunk system. I want to provide this capability just to Admin users.
If this is not possible, can users create private extractions and only admin can make them global - just trying to put control around the Splunk system.
thoughts?
can users create private extractions and only admin can make them global
This is exactly how it works. As long as the users do not have write access to the apps, they will only be able to create private objects.
@solarboyz1 - What is the name of the capability that can control write access to the apps? Could you please share?
It's not a capability, it's permissions on the app.
App dropdown -> Manage Apps -> {Selected App} Permissions
It lists the roles, and if they have read and/or write permissions.
Thanks, so I have READ permission to Everyone and Write permission to Admin and Power user only.
But still I see "normal user" can create global field extractions.
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Apparchitectureandobjectownership
To make an object global the user requires the capability:
admin_all_objects capability
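An added example, not part of the thread: a small audit that reports which roles can write to an app and which roles hold `admin_all_objects` directly or through `importRoles`, the two things discussed above. The role names and the `authorize.conf` and app metadata contents below are constructed samples, and `analyst` is a hypothetical role.

```python
import re
# Constructed sample configuration (not taken from the thread).
AUTHORIZE_CONF = """
[role_admin]
importRoles = power;user
admin_all_objects = enabled
[role_power]
importRoles = user
[role_user]
[role_analyst]
importRoles = admin
"""
APP_META = """
[]
access = read : [ * ], write : [ admin, power ]
"""

def parse_conf(text):
    """Parse Splunk .conf/.meta text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def roles_with_capability(authorize, capability):
    """Roles holding the capability directly or inherited via importRoles."""
    roles = {s[len("role_"):]: kv for s, kv in authorize.items() if s.startswith("role_")}
    def has(role, seen=()):
        kv = roles.get(role)
        if kv is None or role in seen:  # unknown role or import cycle
            return False
        imports = [r for r in kv.get("importRoles", "").split(";") if r]
        return kv.get(capability) == "enabled" or any(has(r, seen + (role,)) for r in imports)
    return sorted(r for r in roles if has(r))

def app_writers(meta):
    """Roles listed in the write ACL of the app-level [] stanza."""
    access = meta.get("", {}).get("access", "")
    m = re.search(r"write\s*:\s*\[([^\]]*)\]", access)
    return sorted(r.strip() for r in m.group(1).split(",") if r.strip()) if m else []
```

A user who can still create global objects is worth checking against both lists, since membership in any role that inherits from a listed role counts.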