Security

how to disable "ALL time" for user role

Path Finder

hello

i have created a customized role simple_user and assigned users to. i also wanted to disable "all time" option from search bar for the user in simple_user role.

can any one help me how to configure it?

0 Karma
1 Solution

Communicator

Hi,

Not exactly what you're after but you can set the maximum time window for a search using srchTimeWin = <time_in_seconds> in authorize.conf.

For example, if you didn't want anyone with the simple_user role to be able to search a timeframe over a year then you would add the following:

[role_simple_user]
srchTimeWin = 31536000

Note that the stanza title is in the format role_<role_name>.

Hope this helps.

View solution in original post

Communicator

Hi,

Not exactly what you're after but you can set the maximum time window for a search using srchTimeWin = <time_in_seconds> in authorize.conf.

For example, if you didn't want anyone with the simple_user role to be able to search a timeframe over a year then you would add the following:

[role_simple_user]
srchTimeWin = 31536000

Note that the stanza title is in the format role_<role_name>.

Hope this helps.

View solution in original post

Path Finder

Thanks your answer helped me.

but i don't want to show the option of All Time for users except ADMIN user. is it possible??

0 Karma

Communicator

You're welcome.

Unfortunately I am not aware of an configuration in Splunk that allows you to do that.

You can remove it from dashboards, but not from searches / reports.

0 Karma