In the Lookup File Editor App, can you help me wit...

jacqu3sy · ‎02-07-2019

Hi,

When having lookups contained within an app, is it possible to set user permissions at the 'app' level as opposed to editing the .meta file contained within the app for each individual lookup?

We have two groups of end users. I would like to create an app for each, so that lookups used by each group are stored within the relevant app.

Then, rather than have to edit the default.meta every time a new lookup is added to provide that group write access, I'd like to set the permissions against that app, so that the permissions are inherited down to the lookups contained within.

Any ideas?

LukeMurphey · ‎02-07-2019

Splunk's management interface allows you to edit lookup table permissions in the UI.

Click "Lookups" from the "Settings" menu at the top right of Splunk
Select "Lookup table files"
Click "Permissions" next to the lookup you want to edit.

Additionally, the Lookup File Editor app includes a link to adjust permissions in the lookup list (see the link for "Edit Permissions"):

Vijeta · ‎02-07-2019

You can change permissions on the SPlunk UI, Settings->Lookups->Lookup table files. You have Sharing column under which you can change permissions . Is that what you are looking for?

In the Lookup File Editor App, can you help me with the lookup permissions?

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience