Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How can we specify authorization at data input level?

alankar
Engager
‎06-23-2010 10:15 PM

How can we specify authorization at data input source level? Like I created a TCP source, but I want it to be available (while searching) to a specific group/role/user only. Not for everyone.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎06-23-2010 10:25 PM

You could specify a custom index within the input configuration. For example:

[monitor:///var/log/custom.log]
index = special

You can then create a custom role which allows only access to this index by modifying authorize.conf:

[role_custom]
importRoles = user
srchIndexesDefault = special
srchIndexesAllowed = special

To ensure other roles are unable to access this special index, you should verify that the srchIndexes* settings do not specify * or the special index.

View solution in original post

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎06-23-2010 10:25 PM

You could specify a custom index within the input configuration. For example:

[monitor:///var/log/custom.log]
index = special

You can then create a custom role which allows only access to this index by modifying authorize.conf:

[role_custom]
importRoles = user
srchIndexesDefault = special
srchIndexesAllowed = special

To ensure other roles are unable to access this special index, you should verify that the srchIndexes* settings do not specify * or the special index.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...