Splunk Search

I want to provide read permission only one app not to all apps to a particular role


I want to provide read permission for only one app not all apps to a particular role and in my environment under apps permissions, I can see everyone(all roles) have read access. I don't want to make changes to all apps permission but wanted to manage if I can configure in one role or one app permissions so that all users under that role should only have read permission to one app and he won't be able to see other apps.

Labels (2)
Tags (3)
0 Karma



i don’t know any easy way to do this like “allow all other roles than this”. Splunk’s way is allow for named roles or to all. This has done via *.meta files https://docs.splunk.com/Documentation/Splunk/8.2.4/Admin/Defaultmetaconf.  Basically you could do this by naming all other roles on all others apps meta files, but this is not a practical solution.

r. Ismo

Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...