Solved: How to restrict access to knowledge objects for us...

sbarinov · ‎07-16-2018

Hello all,

Is it possible in Splunk to restrict user of accessing the "Knowledge" settings?
I want to disable certain roles to create event types.

Thank you.

CarsonZa · ‎07-16-2018

i dont believe its possible to stop the user from creating their own private knowledge object however, you can restrict ability to write to the search app by disabling write permissions in the app.

manage apps>search & reporting>permissions> untick write for roles as desired.

again the user can save ko to use themselves but can not save them to the app without facing an error message.

View solution in original post

CarsonZa · ‎07-16-2018

i dont believe its possible to stop the user from creating their own private knowledge object however, you can restrict ability to write to the search app by disabling write permissions in the app.

manage apps>search & reporting>permissions> untick write for roles as desired.

again the user can save ko to use themselves but can not save them to the app without facing an error message.

sbarinov · ‎07-17-2018

Thanks, looks like this is what I need.

somesoni2 · ‎07-16-2018

You can find the list of capabilities that you can turn on/off for a role, here:
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/Rolesandcapabilities#List_of_capabilities

How to restrict access to knowledge objects for users?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

How to restrict access to knowledge objects for users?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits