I need to give read access to all apps for a certain role. How can I do that?
Hi! Did you ever find out if there was a way of doing this? I have the same problem.
create a user role in authorize.conf with proper capabilites. Map the user role with the proper AD group (you belongs to ) in authentication.conf .
optional: you can add this splreadaccess_user in default.meta. Because your role has inherited user and power role. so that you can read all apps.
for e.g,
authorize.conf
[role_splreadaccess_user]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = power;user
srchIndexesAllowed = *
srchIndexesDefault = *
srchMaxTime = 0
use_file_operator = enabled
authentication.conf
splreadaccess_user = adgroup1
I'm reading your question as, "I need to set up a role which will have read access on all apps." Did I get that right?
Absolutely - that's right.
Any thoughts on that?
I think your looking for something like this,
http://docs.splunk.com/Documentation/Splunk/6.1/admin/Defaultmetaconf
You can set the default permissions for apps.
Good but I prefer not to get into each single app and do it... if possible ; -)
That defaultmetaconf should apply to all apps unless they have something else specified for the specific app to overwrite that one.