Splunk Search
Highlighted

How to disable search in a specified index for certain groups of users?

Explorer

Hello.

I have a simple question:

I would like to have a specified index with sensitive data in it, however, I don't want every user to have access to it - only a few. How can I do it?

Do I create a custom users group?

Bests,
- F.

0 Karma
Highlighted

Re: How to disable search in a specified index for certain groups of users?

SplunkTrust
SplunkTrust

You control access to indexes based upon roles.

So you create a new role group, and add the access to the index to the role group. Then you add the users to the role group.

http://docs.splunk.com/Documentation/Splunk/6.4.0/Security/Aboutusersandroles

View solution in original post

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.