Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Set App permissions

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6

Set App permissions

Objects in an App have access controls set by role. Use access controls to set which users can read and write to which objects. Currently, object types include:

  • saved searches
  • event types
  • search commands
  • views
  • pages in Splunk Manager
  • dashboards
  • view collections

Set permissions in Splunk Manager

You can set permissions on a per-object basis in Splunk Manager. Follow these instructions:

  1. Navigate to Splunk Manager.
  2. Click on one of the object pages on the right-hand side. For example Saved searches. You can also pick All configurations if you want to set permissions on all the configurations in a given app.
  3. Click the permissions link.
  4. Set permissions to read/write for all the roles listed.
  5. Click save.

Set permissions in the back-end

Use default.meta to set read and write permissions for all the objects in your App. Follow these instructions:

  1. Add default.meta to your App's default directory: $SPLUNK_HOME/etc/apps/<app_name>/metadata/default.meta.
  2. Then, edit this file to set permissions for any object in the App.
  3. Add an entry for each object, or all objects of a type: 
[/<owner>/<App>/<object_type>/<object_name>]
access = read : [ <comma-separated list of roles>], write : [ comma-separated list of roles>]
  • The owner is the user that created the object. For default and global objects, this is often "nobody."
  • The App is whatever app directory the object lives in.
  • Object type can be one of the above-listed types (saved searches, event types, views, etc).
  • The object name is whatever name you gave to your saved search, view, event type, etc.

Set permissions per object

You can set permissions on a per-object basis by explicitly naming the object. For example, this entry gives the admin role read and write permissions for the "Splunk errors in the last 24 hours" saved search: 

[/nobody/search/savedsearches/Splunk%20errors%20last%2024%20hours]
access = read : [ admin ], write : [ admin ]

Set permissions for all objects of a type

You can also set permissions for all objects of a given type. This entry grants read permissions to everyone and write permissions to admin and power roles for all event types in the App: 

[/nobody/search/eventtypes]
access = read : [ * ], write : [ admin, power ]

Make objects globally available

By default, objects are only visible within the App they were created in. So if you create an event type in your helloworld App, it will show up within that App. To make an object available to all Apps, add the following line to the object's entry in default.meta: 

export = system

For example: 

[/nobody/helloworld/eventtypes]
access = read : [ * ], write : [ admin, power ]
export = system

This will make all event types in helloworld viewable in every App in your Splunk install.

Retrieved from "http://www.splunk.com/base/Documentation/4.0.6/Developer/default.meta"
Revision: 207 | Contact | Privacy Policy | Terms of Use | Community content licensed under Creative Commons

Copyright © 2005-2009 Splunk Inc. All rights reserved.