Security

how to disable "ALL time" for user role

AzmathShaik
Path Finder

hello

i have created a customized role simple_user and assigned users to. i also wanted to disable "all time" option from search bar for the user in simple_user role.

can any one help me how to configure it?

0 Karma
1 Solution

hhGA
Communicator

Hi,

Not exactly what you're after but you can set the maximum time window for a search using srchTimeWin = <time_in_seconds> in authorize.conf.

For example, if you didn't want anyone with the simple_user role to be able to search a timeframe over a year then you would add the following:

[role_simple_user]
srchTimeWin = 31536000

Note that the stanza title is in the format role_<role_name>.

Hope this helps.

View solution in original post

hhGA
Communicator

Hi,

Not exactly what you're after but you can set the maximum time window for a search using srchTimeWin = <time_in_seconds> in authorize.conf.

For example, if you didn't want anyone with the simple_user role to be able to search a timeframe over a year then you would add the following:

[role_simple_user]
srchTimeWin = 31536000

Note that the stanza title is in the format role_<role_name>.

Hope this helps.

AzmathShaik
Path Finder

Thanks your answer helped me.

but i don't want to show the option of All Time for users except ADMIN user. is it possible??

0 Karma

hhGA
Communicator

You're welcome.

Unfortunately I am not aware of an configuration in Splunk that allows you to do that.

You can remove it from dashboards, but not from searches / reports.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...