|
Is it possible to tie Splunk applications to authorizations groups? I would like to have AD authenticated users inherit rights to specific applications according to their AD group|distribution list|Exchange mailbox memberships. |
|
Yes. Applications have permissions that can be either set directly in the $SPLUNK_HOME/etc/apps/myappsname/metadata/*.meta file(s), or via the GUI in "Manager>Apps>Permissions" for the app in question. "read" access will allow a role to see and use the app. "write" will allow them to create objects in the app. Objects within an app (searches, views, etc) may have permissions differing from the app's permissions, but generally they will inherit from the app as well. http://www.splunk.com/base/Documentation/latest/Developer/default.meta http://www.splunk.com/base/Documentation/4.1/Admin/Defaultmetaconf |
