Hi
I am some confuse the documentation for Role Based Field Filtering as following.
https://docs.splunk.com/Documentation/Splunk/9.0.1/Security/planfieldfiltering
from the documentation, the restricted command (tstats) return sensitive data that a role with field filters might not be allowed to access and it is very risky that someone with malicious intentions tries to use them to circumvent role-based field filtering.
it provide the workaround that assign one of two capability to role that have field filter.
the one of capability is he run_commands_ignoring_field_filter.
here is my question, user_A have a role that include run_commands_ignoring_field_filter capability and configured field filtering and User_A run tstats to search information which include field that required masking, what happen in the result result?
I wonder if it show sensitive data or making data ?
thank you in advanced.
These commands can return sensitive data that a role with field filters might not be allowed to access. They might pose a potential security risk for your organization if someone with malicious intentions tries to use them to circumvent role-based field filtering. As a result, the Splunk platform restricts these commands when used by people with roles that are configured with field filtering.