Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Remove a field from certain roles view

celdridge1988
Engager
‎02-18-2020 05:35 AM

Hi Everyone,
The scenario here is:

Email data being ingested by Splunk. We want to be able to give access to this index to a number of people but confidential information is sometimes presented in the subject line of an email and the subject is a part of the log.

Is it possible to block just this field on certain roles but not all?

Thank you 🙂

0 Karma
Reply

manjunathmeti
Champion
‎02-18-2020 05:52 AM

If a role gets access to an index then user of that role can search all the fields of that index. Access can't be controlled on field names. Best thing you can do is write a search to anonymize or remove confidential fields and write output to a summary index and give access to summary index to restricted roles.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...