I have one role which has Restrict search terms as
then how this user having this role can access
$table="Perf" data. How he can get access to all data from calculated fields
but I am not able to achieve what eval function need to be created.
As I am using OMS add-on so it has 1 source, 1 host and 1 sourcetype so in calculated fields
* won't help.
Do not use this feature; it is easy to bypass so paper-thin as to be useless. The only true access-control is denying access to particular index values.
yes I can understand that there will be security issue I just wanted to understand How to bypass take access to all data using calculated fields ...as I was trying to create calculated fields to bypass access but unable to do so as I have only 1 host, source and sourcetype.
If the restriction requires a field, then create a
calculated field that defines it; if it requires the field not to exist, create a
calculated field that sets it to
null(). Boom! Bypassed.