Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Report on users & roles

chris
Motivator
‎09-08-2011 12:34 AM

Is there an easy way I can list & export all users that have a certain role or that have access to a certain index or a certain capability?

It would be nice if I could do something like:

| metadata type=users

or
index=_users role=xy

or any other method would be ok

Tags (3)
0 Karma
Reply

Ant1D
Motivator
‎09-13-2011 03:14 AM

The following search will show you what capabilities each user has used within the timeframe that you set:

index=_audit user=* action=* | dedup user action | stats list(action) AS actions by user

Reply

chris
Motivator
‎09-21-2011 09:02 AM

Thanks for looking into this.

0 Karma
Reply

Ant1D
Motivator
‎09-21-2011 03:41 AM

I had a look at this earlier today. I haven't had much luck. There doesn't appear to be a straightforward way of achieving this format of mapping.

0 Karma
Reply

Ant1D
Motivator
‎09-14-2011 06:00 AM

Makes sense. I will have a go when I get a minute.

0 Karma
Reply

chris
Motivator
‎09-14-2011 02:25 AM

Thank you for your answer. It kind of helps. I guess the real requirement behind my question is the following: The owner of some data that is in Splunk wants to know who had access to "his" data (=index) at a specific point in time and if the person has read only or also delete priviledges & what priviledges have been used. So you answer helps in showing what priviledges have been used. But I would also like to have a index to role to user mapping ... does that make sense?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...