Security

Restrict access to Savedsearches for specific roles

rijutha
Explorer

Hi,

I have many savedsearches running in my environment that are regularly writing data to summary indexes and metric store. And some savedsearches that are just meant to perform the basic search function.

I have restricted savedsearches read access to all users in the environment except those who belong to the admin role. However I would like to grant read access to some savedsearches to a specific role/group. I tried the below however that does not work. The users given access to the search -Summary_Find cant see any savedsearches.

[savedsearches]
access = read : [ dev, admin, power ], write : [ admin, power, dev ]
export = none

[savedsearches/Summary_Find]
access = read : [ admin, business_admin, dev, support, power ], write : [ admin, dev, power ]
export = none
owner = nobody

Please do let me know if there is a solution to do this in Splunk.

0 Karma

woodcock
Esteemed Legend

Go to Settings -> Searches, reports, and alerts, select All for every dropdown and search for your search in the search box. When you find it, click the Edit permissions item in the Edit link, modify to suit, and click Save.

0 Karma

vishaltaneja070
Motivator

@rijutha

you can provide access on a particular roles directly by editing permission of a report on Splunk UI.

0 Karma

rijutha
Explorer

@vishaltaneja07011993 Thanks. I was looking for an easy way to do this instead of setting individual permissions for every searche. I have 73 of them. And I only want some searches about 3-4 to be given read access to used other than admin/power/dev.

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...