I would like to create a role which has the following attributes:
This is because users have a tendency to pick the 'per-event' alerting option when creating alerts, which creates all-time, real-time searches. I want to prevent them from being able to do so, as it's very uncommon for a realtime alert to have appreciable value over a scheduled search running on a short interval.
schedule_rtsearch capability is actually included in the [default] stanza of authorize.conf, meaning it is always enabled on any roles without having to inherit. Because capabilities only have one setting (enabled) I can't create a role with
schedule_rtsearch=disabled to override that default.
Is there any way to disable this functionality?
As discussed in irc:
Make your own
[default] schedule_rtsearch =