
How to restrict a user from creating new Alerts


Hi Experts,

I created an app for monitoring purposes; in this app I am showing stats and features of different applications.
For search purposes I also added "search" to the navigation menu.
For that app I created different users to watch and monitor. But in the search menu the user has options to save the search as an Alert and forward the events to a mailbox using Send Mail in the alert.
How do I restrict users from creating new Alerts? What is the right way to create roles and capabilities with different functionality?

Thanks

0 Karma

SplunkTrust

@arunkantsharma ,

schedule_search is the capability which enables the user to save a search as an alert.

schedule_search 
    Lets the user schedule saved searches, create and update alerts, and review triggered alert information.

So if you do not want to give schedule_search permissions, create a separate role, add only the required permissions and assign the role to the user.

Refer to the Table of Splunk platform capabilities for more details about Splunk roles and capabilities.

0 Karma