Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to restrict user to create new Alerts

arun_kant_sharm
Path Finder
‎07-23-2019 05:41 PM

Hi Experts,

I create one app for monitoring purpose, in this app I am showing stats and feature of different application.
For search purpose I also added "search" in the navigation menu.
For that app I created different user for watch and monitor. But in the search menu the user have options to save the search as a Alert and forward the events to the mail box using Send Mail in alert.
How I restrict user to create new Alerts, what is the right way to create role and capabilities with different functionality?

Thanks

0 Karma
Reply

renjith_nair
Legend
‎07-24-2019 05:54 AM

@arun_kant_sharma ,

schedule_search is the capability which enables the user to save search as alert.

schedule_search 
    Lets the user schedule saved searches, create and update alerts, and review triggered alert information.

So if you do not want to give schedule_search permissions, create a separate role, add only the required permissions and assign the role to the user.

Refer Table of Splunk platform capabilities for more details about splunk roles & capabilities

Happy Splunking!
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...