Many times, our users create alerts/reports with the cron expression as * * * * * or */1* * * *.
And we have to chase the users with back-and-forth emails and lots of confusion.
So, to avoid these issues, it would be better if we could restrict users by their roles/capabilities with the cron expressions.
Please share if you have any ideas/workarounds.
One idea would be ...
From Answer by @the_wolverine and @strive
Set the capabilities for roles in the authorize.conf configuration file
schedule_search = disabled
(requires save and restart)
By default all the capabilities are disabled.
Roles inherit all capabilities from imported roles, and inherited capabilities cannot be disabled.
From - https://answers.splunk.com/answers/150358/how-to-limit-some-user-roles-from-running-scheduled-search...
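An added example, not part of the original thread and not Splunk's own code: one way to find the schedules described in the question is to read a savedsearches.conf and flag enabled searches whose cron_schedule is malformed (including the four-field form as written in the question) or fires more often than a threshold. The sample file, the function names and the threshold of 4 runs per hour are assumptions; cron_schedule and enableSched are the standard savedsearches.conf keys.

```python
import configparser
import re

SAMPLE_CONF = """
[Failed logins alert]
enableSched = 1
cron_schedule = * * * * *
[Disk usage report]
enableSched = 1
cron_schedule = */1 * * * *
[Typo schedule]
enableSched = 1
cron_schedule = */1* * * *
[Quarter-hourly check]
enableSched = 1
cron_schedule = */15 * * * *
"""  # constructed sample in savedsearches.conf format, not from the thread

def runs_per_hour(cron):
    """Minutes per active hour a 5-field cron expression fires on; ValueError if malformed."""
    fields = cron.split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 cron fields, got {len(fields)}")
    minutes = set()
    for part in fields[0].split(","):
        # Groups: 1 = "*" or range, 2 = low minute, 3 = high minute, 4 = step
        m = re.fullmatch(r"(\*|(\d+)(?:-(\d+))?)(?:/(\d+))?", part)
        if not m:
            raise ValueError(f"bad minute field {fields[0]!r}")
        lo, hi = (0, 59) if m[1] == "*" else (int(m[2]), int(m[3] or m[2]))
        if not 0 <= lo <= hi <= 59:
            raise ValueError(f"minute out of range in {fields[0]!r}")
        minutes.update(range(lo, hi + 1, int(m[4] or 1)))  # a step of 0 raises ValueError
    return len(minutes)

def audit(conf_text, max_runs_per_hour=4):
    """Flag enabled schedules that are malformed or too frequent (assumes a simple file)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep Splunk's case-sensitive key names
    cp.read_string(conf_text)
    findings = {}
    for name in cp.sections():
        if cp[name].get("enableSched") in ("1", "true"):
            try:
                runs = runs_per_hour(cp[name].get("cron_schedule", ""))
                if runs > max_runs_per_hour:
                    findings[name] = f"{runs} runs per hour"
            except ValueError as exc:
                findings[name] = f"malformed cron: {exc}"
    return findings
```

Calling audit(SAMPLE_CONF) returns a dict keyed by stanza name, so the owners of the flagged searches can be contacted in one pass.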
Hi All... any suggestions, ideas please