how can i add permission or role for users using autorize.conf ?


i have some user need to update her own application splunk and i want to affect her the permission to update specific applications.

what's the config can edit it on autorize.conf to affect to user only update to specific project?

0 Karma


You have to create a Splunk role for these users and then give access rights to this role to the specific apps and objects in app.
The best (and more secure!) way to do this is via GUI [Apps -- Manage Apps -- Show Objects] but it's very slow if your app has many objects (you have to manually modify one by one all of them).
in this way, you could modify (with much attention!!!) $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta giving rights access to the new role:

  • give role access rights via GUI to the first object
  • in $SPLUNK_HOME/etc/apps/yourapp/metedata/local.meta modify the row (when exists) access = read : [ * ], write : [ admin, power ] with the new role, copying the correct Access Rights from the first object you modified via GUI in every stanza (each stanza is an App object);
  • restart Splunk.


.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!