Security

Steps to Edit Role and control access to specific Indexes

imhof
Engager

In Settings> Access Controls > Roles (edit a role), then Indexes,
The All non-internal indexes checked under Included by default, then main is checked under Default.

To limit a Role's access to specific indexes, are the steps to a) deselect All non-internal indexes, then b) check each Index individually under Included (and Default if desired)?

0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

View solution in original post

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...