Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is there a `umask` setting for splunk objects? (Default object permission)

Lowell
Super Champion
‎06-29-2010 05:55 PM

Is it possible to tell splunk what the default permissions should be when an object is created from the Splunk UI?

The best analogy I could think of is the unix "umask" tool that sets a mask for which permissions can be given to a newly created file by default. I'm wondering if there is any such concepts for objects created from within splunk.

For example, new objects are created privately by default. Which works well for many things, but it can be a serious pain when creating new tags, for example. (And even worse when tagging a newly created eventtype.) So is it possible to setup splunk to make tags application-level (or global-level) when they are created, instead of making them private by default?

I know you can setup a default.meta in your own custom app with something like this:

[tags]
access = read : [ * ], write : [ power ]
export = system

Which will make any existing tag in tags.conf (that have no explicit meta entry) readable to all, across all apps, and modifying to the "power" role, however newly created tags are just private. Can this be configured?

Tags (3)
Reply

carasso
Splunk Employee
Splunk Employee
‎01-03-2011 06:43 PM

It's a good suggestion.

Somewhat related -- in Splunk 4.2, the Saved Search dialog allows you to specify the permissions. You can specify either:

  • Keep search private
  • Share as read-only to all users of current app
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...