What Capabilities do I need to enable so a user ca...

talbot7 · ‎08-17-2012

What Capabilities do I need to enable so a user can change sharing permission on their searches?

mattness · ‎08-17-2012

Talbot7: The ability to manage sharing permissions for knowledge objects (such as saved searches, alerts, dashboards, tags, event types, and so on) is controlled at the app level. There are no capabilities involved.

As an Admin, click the Apps menu in the Splunk bar and click Manage Apps. Find the app that you want to adjust permissions for and open its Permissions settings. This opens the Permissions dialog for the app, where you determine which roles have read and write permissions for the knowledge objects contained within that app. Give your User role Write permissions for the app if you want them to be able to share knowledge objects such as saved searches.

Warning: Roles that have write permissions to an app can also delete knowledge objects belonging to that app.

For future reference I've added documentation about this functionality here: http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Manageknowledgeobjectpermissions#Enable...

lim2 · ‎02-23-2022

Hi @mattness assigned a savedsearch which admin created to a non-power userid which has a role to write to the savedsearch and to the app in which the savedsearch is in. But userid still cannot see the Edit button. What is missing?

What Capabilities do I need to enable so a user can change sharing permission on their searches?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...