Splunk Search

Can access restrictions be put on a lookup automatically upon creation?

jaburke1
Path Finder

Can access restrictions be put on a lookup automatically upon creation?

For example: User A creates a lookup <-- can this lookup be automatically restricted so that User B can not search the contents ?

I know this can be done manually by setting the read permissions (select roles) on the lookup but is there a way to automatically set the permissions to be restrictive upon creation?

0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

When user upload csv file to splunk by default permission will be private so only user who uploaded file can access this.

For second option, during search time when you create lookup file & if that lookup file does not exist in splunk then default App permission will be applied to that lookup file and shared at app level. As far as I know there are no other automatic ways to achieve this.

View solution in original post

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

When user upload csv file to splunk by default permission will be private so only user who uploaded file can access this.

For second option, during search time when you create lookup file & if that lookup file does not exist in splunk then default App permission will be applied to that lookup file and shared at app level. As far as I know there are no other automatic ways to achieve this.

0 Karma

jaburke1
Path Finder

Ok thank you very much!

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Welcome 🙂

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

As you mentioned that "upon creation", how User A creating lookup For example: Uploading lookup or creating lookup using search query ?

0 Karma

jaburke1
Path Finder

Any ideas for either or both situations would be appreciated! (but I believe the main concern was for when a lookup was created using search query). Thanks!

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...