We are using Splunk Enterprise 9.0.1 OnPrem, with Splunk App for Lookup File Editing version 3.6.0.
We need to get a user to modify a column in a lookup, so we give him access and capabilities to do so.
But we dont want this user to have the power to modify all the columns in that lookup.
Is there anyway that we can restrict which columns a user can edit?
Here is an open idea for this feature request: https://ideas.splunk.com/ideas/APPSID-I-529.
Please vote if you consider it is useful.
That's not a current feature of the Lookup File Editing app. Read/write access to a lookup file is all or none. Go to https://ideas.splunk.com to suggest column access controls.