Security

Steps to Edit Role and control access to specific Indexes

imhof
Engager

In Settings> Access Controls > Roles (edit a role), then Indexes,
The All non-internal indexes checked under Included by default, then main is checked under Default.

To limit a Role's access to specific indexes, are the steps to a) deselect All non-internal indexes, then b) check each Index individually under Included (and Default if desired)?

0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

View solution in original post

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Yes that is correct way and I will suggest to create new role instead of editing default roles like user, power, admin. If you are planning to inherit role then indexes allowed in inherited roles are also apply to new role.

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...