I am trying to figure out which Role Capability controls being able to use a lookup in a query. If I select all the capabilities then the role certainly can query a lookup. However, if I select only the capabilities that I want the role to have, they lose the ability to query the lookup. Looking at the documentation (https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/Rolesandcapabilities) it does not specify which capability allows for the querying of a lookup.
Hi @dglass0215,
It depends on what permission you give to the lookup file. If you give only the admin and power user roles read and write access to the lookup, then the user needs a power user role to access the lookup files.
But if you give read access to everyone, then the user role will be sufficient to access the lookup in the query.
I think I found the problem but I do not know the solution. While I have given read permission to the lookup specifically for the custom Role, the role does not have permission to the app that created the lookup. Not sure what I can do. I definitely DO NOT want the role to have access to the app but I need the role to be able to query the lookup.
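How the permissions discussed in this thread look on disk, as an added example that is not from any of the posters: Splunk stores object permissions in the owning app's `metadata/local.meta`, with one stanza per object and an empty `[]` stanza for the app itself. The lookup file names and the role name `custom_analyst` are hypothetical.

```ini
# $SPLUNK_HOME/etc/apps/<app>/metadata/local.meta
# Constructed sample; lookup names and the custom_analyst role are hypothetical.

# App-level permissions (the empty stanza applies to the app itself).
# custom_analyst is not listed here, which is the situation described
# in the last post: the role has no read access to the owning app.
[]
access = read : [ admin, power ], write : [ admin ]

# Case 1 from the answer: only admin and power can read and write the lookup.
# A user holding only the "user" role cannot use it in a search.
[lookups/restricted_assets.csv]
access = read : [ admin, power ], write : [ admin, power ]

# Case 2 from the answer: read access for everyone ( * ), write kept narrow.
[lookups/shared_assets.csv]
access = read : [ * ], write : [ admin ]

# Object-level read granted to one custom role only, as in the last post.
# This stanza sets the lookup's own ACL; the app-level stanza above is separate.
[lookups/analyst_assets.csv]
access = read : [ admin, custom_analyst ], write : [ admin ]
```

Reviewing this file shows the object-level and app-level ACLs side by side, which is where the mismatch described in the last post becomes visible.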