Security

How do I prevent some users from running the collect command?

ben363
Path Finder

I want to be able to prevent some users from using the collect command. How to do that? Is there a capability that controls whether or not a user has permission to run collect?

1 Solution

inventsekar
Super Champion

ok, this is an old topic and it seems at that time of 2015 this feature was not there..

and now, authorize.conf gives a way to grant/remove this collect command from a user...

[capability::run_collect]
* Lets a user run the collect command.

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Authorizeconf

(at this time of this writing the current splunk version is 7.1.2)

alanden_splunk
Splunk Employee
Splunk Employee

Verified that the collect command is connected to the authorize.conf permission [capability::indexes_edit]

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.