Security

Steps to Edit Role and control access to specific Indexes

imhof
Engager

In Settings> Access Controls > Roles (edit a role), then Indexes,
The All non-internal indexes checked under Included by default, then main is checked under Default.

To limit a Role's access to specific indexes, are the steps to a) deselect All non-internal indexes, then b) check each Index individually under Included (and Default if desired)?

0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

View solution in original post

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...