Hi,
Once a view is created and made private, does a power user have the ability to change the permissions? I have some users who can't change permissions after saving the original item as private.
Roles are implemented within Splunk with different capabilities: http://docs.splunk.com/Documentation/Splunk/6.1.1/Security/Rolesandcapabilities#List_of_available_ca...
If the power user you're talking about has the proper capability, (s)he'll be able to change Permissions.
Another possibility is to do that directly by editing the .conf files within the user's directory.
Bingo. We implemented new roles with 6.1.1 and this user was put in a different role. All set. Thanks.
Does the view belong to the user who marked it private? If they didn't create the view, they won't see it after they mark it private, because it's private to the owner, not the person who marks it private.
I think this would reveal the permissions issue if it existed: index=_internal ( source="*splunkd.log" ) ( log_level="ERROR" )
You should see something like "file not found", "permission denied" etc.
My guess is it's a file permissions issue:
If splunkd was running as root when the view was created, that would make the .conf file owned by root. Then if the current owner of splunkd has changed to something like splunk_daemon_service_account, splunkd wouldn't be able to edit the file.
He is listed as the owner, but the Permissions link isn't there.