Security

Index view permission for admin user from one of search heads. Restrictions possible ?

Contributor

Hey guys, i have several search heads in my Splunk cluster. I'd like to restrict permissions for one particular search head (even for admins there). Is this possible?
Thanks in advance!

0 Karma

Path Finder

Hello @highsplunker

You should create roles if you want that in Access control.

0 Karma

SplunkTrust
SplunkTrust

Access to indexes is controlled by role. The only way to restrict access from a given SH is to have separate roles on that SH that do not grant access to the restricted index. Since SHs in a cluster share configurations, the only way to have separate roles is to have an SH that is not part of the cluster. You'll need to create a new SH or split one off the cluster (assuming you currently have more than 3 in the cluster.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Contributor

Ok! Thanks!

0 Karma