Is there a way to not allow users to create private searches (and other knowledge objects) in an app?
Hi,
I dont think it is possible to restrict the user from creating their own private search however, you can restrict ability to write to the search app by disabling write permissions in the app.
UI > manage apps > search & reporting > permissions> remove write capabilities for roles as desired.
HI,
why are you trying to do this? Knowledge objects are going to be saved from whatever app context the user is within when they are created.
If you want to force user to save KO within a certain app context, you could create deparment apps and new roles with this apps as default.
By default only Power user and Admin have write permission the Searching&Reporting app, so any user will have private objects.
Do you mean I can set a default app for all users, where all private KO's are automatically saved? This would be a workable solution for my problem. How would one do this?
The reason I want this is rather complex. Suffice it to say that it is important for me that all KO's that are necessary for the functionality of an app (such as saved searches that fill lookups and summary indexes) are within the app directory; not in etc/users/apps/*.
Hi,
this is how you set app as default app https://docs.splunk.com/Documentation/Splunk/7.2.3/Admin/ConfigureSplunktoopeninanapp
Just create new role e.g. "security team", create a new app in splunk web with barebone temple an name it "security team" than go back to your new security team role and set as default app "security team" app.
This does not seem to work. It sets the default app shown upon login, but if I for example save a search from the Launcher app with a user whose default app is Search, the report is still saved as a private search within the Launcher app, not the Search app.
Thats correct, its not "preventing" the user BUT its "help" the user to start off in the correct app/context. The rest would be education of the user and tell them not to save staff outside there team app.
You could also eddit the permissions for search and launcher app from everyone to admin only, and the user is not able to leave the team app
Ik do not want to restrict users from viewing most apps, just prevent them (and even the app developers) from saving private KO's in them.
KO are private shared as default, so I can´t think about an easy way to get there..
maybe something custom.