Security

How do I prevent some users from running the collect command?

Path Finder

I want to be able to prevent some users from using the collect command. How to do that? Is there a capability that controls whether or not a user has permission to run collect?

1 Solution

Champion

ok, this is an old topic and it seems at that time of 2015 this feature was not there..

and now, authorize.conf gives a way to grant/remove this collect command from a user...

[capability::run_collect]
* Lets a user run the collect command.

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Authorizeconf

(at this time of this writing the current splunk version is 7.1.2)

Splunk Employee
Splunk Employee

Verified that the collect command is connected to the authorize.conf permission [capability::indexes_edit]

0 Karma