I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from admin down to power. The issue is that whenever I attempt to do this&n...
...ention not to edit/modify the base user roles, and i wanted to know if it is safe to remove the view all non-internal indexes from the default roles.
My tests showed that if i inherit the base user role...
...ailed to authenticate. Status Code="Responder" Check Splunkd.log for more information about the failure." I enabled web debug and it shows SSO Enabled as No. The certificate has not expired. I removed a...
Hi splunkers,
i know how we can restrict users from export data in splunk web.
Does anyone happens to know , how can we restrict users from export data via RestAPI, CLI ?
...ant to see. If I can consolidate the lookup table, it will fix my issue, but I can't figure out how to do it. The table currently looks like this:
Org
Branch
Role
Name
Org A
Branch 1...
I found http://answers.splunk.com/answers/202990/how-to-get-ldap-group-name-by-using-query-or-rest.html so I can create/list ldap strategies. However, I need to be able to:
list groups + rolemappings...
...the other roles, such as splunk-system-role. Or I have some with power and a custom role and I want to keep the custom role but remove power. Won't let me and they are only in the AD group map...
Hi, all the splunk gurus out there.
Recently we added a new role and we couldn't see the users with the role when logged in as admin.
So we took out "grantableRoles = admin" option on "/etc/s...
We have peers added to search heads, but users are able to search all the indexes on the peers.
We want to restrict some users so that they can access only certain indexes.
Is it possible with e...
Hi,
I wanted to create a user account having only access to ES-APP and within which he needs to have access to only incident review, Security Posture, Intrusion Center (present in Security doma...