Splunk Enterprise Security

In Splunk Enterprise Security, how do you create a user role with ready-only access?

sesharao92
Explorer

Is there any way to create a user role with read-only access to a specific set of indexes?

0 Karma

mayurr98
Super Champion

Have a look at this, might be useful to you:
https://answers.splunk.com/answers/10582/permissions-on-indexes-and-sourcetypes.html

let me know if this helps!

0 Karma

bangalorep
Communicator

You can create a role with only read access. You can go to settings >> access control >> roles
You can know more from the following link
https://docs.splunk.com/Documentation/Splunk/7.2.3/Admin/Aboutusersandroles

0 Karma

ddrillic
Ultra Champion

Interesting thing as Splunk roles are designed for read access, not for write access and each role has read access to a set of indexes.

If we look at About users and roles

It defines the user role as -

-- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...