Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I want to provide read permission only one app not to all apps to a particular role

bapun18
Communicator
‎02-02-2022 09:18 AM

I want to provide read permission for only one app not all apps to a particular role and in my environment under apps permissions, I can see everyone(all roles) have read access. I don't want to make changes to all apps permission but wanted to manage if I can configure in one role or one app permissions so that all users under that role should only have read permission to one app and he won't be able to see other apps.

Labels (2)
Labels
Tags (3)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-02-2022 01:24 PM

Hi

i don’t know any easy way to do this like “allow all other roles than this”. Splunk’s way is allow for named roles or to all. This has done via *.meta files https://docs.splunk.com/Documentation/Splunk/8.2.4/Admin/Defaultmetaconf.  Basically you could do this by naming all other roles on all others apps meta files, but this is not a practical solution.

r. Ismo

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...