Security

How to restrict users from creating new Alerts

arun_kant_sharm
Path Finder

Hi Experts,

I created an app for monitoring purposes; in this app I am showing stats and features of different applications.
For search purposes I also added "search" to the navigation menu.
For that app I created different users to watch and monitor. But in the search menu the user has the option to save the search as an Alert and forward the events to a mailbox using Send Mail in the alert.
How do I restrict users from creating new Alerts, and what is the right way to create roles and capabilities with different functionality?

Thanks

0 Karma

renjith_nair
Legend

@arun_kant_sharma ,

schedule_search is the capability which enables the user to save a search as an alert.

schedule_search 
    Lets the user schedule saved searches, create and update alerts, and review triggered alert information.

So if you do not want to give schedule_search permissions, create a separate role, add only the required permissions and assign the role to the user.

Refer to the Table of Splunk platform capabilities for more details about Splunk roles & capabilities.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
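As an added example (not part of the original thread and not Splunk's own code), this script checks which roles effectively receive `schedule_search`, including through role inheritance, so a new restricted role can be verified before it is assigned. It assumes the `authorize.conf` conventions of `[role_<name>]` stanzas, a semicolon-separated `importRoles` list and `<capability> = enabled`, and that imported capabilities are additive; the `monitor_*` role names and the sample file are constructed.

```python
import configparser

# Constructed sample authorize.conf; the monitor_* role names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
search = enabled
schedule_search = enabled

[role_monitor_viewer]
search = enabled

[role_monitor_inherits]
importRoles = user

[role_monitor_nested]
importRoles = monitor_inherits
"""

def load_roles(conf_text):
    """Return {role: (directly enabled capabilities, imported role names)}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case so "importRoles" is matched
    parser.read_string(conf_text)
    roles = {}
    for section in (s for s in parser.sections() if s.startswith("role_")):
        items = dict(parser.items(section))
        imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
        # Assumption: only "<capability> = enabled" grants a capability.
        caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
        roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_capabilities(roles, role, seen=None):
    """Union of a role's own capabilities and those of every imported role."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # guards against import cycles
        return set()
    seen.add(role)
    caps, imports = roles[role]
    result = set(caps)
    for parent in imports:
        result |= effective_capabilities(roles, parent, seen)
    return result

def roles_granting(conf_text, capability="schedule_search"):
    roles = load_roles(conf_text)
    return sorted(r for r in roles if capability in effective_capabilities(roles, r))

if __name__ == "__main__":
    print(roles_granting(SAMPLE_AUTHORIZE_CONF))
```

In the sample, only `monitor_viewer` is free of `schedule_search`; the two roles that import from `user` pick it up even though their own stanzas never mention it.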