Security

Steps to Edit Role and control access to specific Indexes

imhof
Engager

In Settings> Access Controls > Roles (edit a role), then Indexes,
The All non-internal indexes checked under Included by default, then main is checked under Default.

To limit a Role's access to specific indexes, are the steps to a) deselect All non-internal indexes, then b) check each Index individually under Included (and Default if desired)?

0 Karma
1 Solution

harsmarvania57
Ultra Champion

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

View solution in original post

harsmarvania57
Ultra Champion

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...