Hi,
I have one role which has Restrict search terms as index=abc $table="azuredignostics"
then how this user having this role can access $table="Perf"
data. How he can get access to all data from calculated fields
but I am not able to achieve what eval function need to be created.
As I am using OMS add-on so it has 1 source, 1 host and 1 sourcetype so in calculated fields *
won't help.
Do not use this feature; it is easy to bypass so paper-thin as to be useless. The only true access-control is denying access to particular index values.
yes I can understand that there will be security issue I just wanted to understand How to bypass take access to all data using calculated fields ...as I was trying to create calculated fields to bypass access but unable to do so as I have only 1 host, source and sourcetype.
If the restriction requires a field, then create a calculated field
that defines it; if it requires the field not to exist, create a calculated field
that sets it to null()
. Boom! Bypassed.