Hi,
I have many savedsearches running in my environment that are regularly writing data to summary indexes and metric store. And some savedsearches that are just meant to perform the basic search function.
I have restricted savedsearches read access to all users in the environment except those who belong to the admin role. However I would like to grant read access to some savedsearches to a specific role/group. I tried the below however that does not work. The users given access to the search -Summary_Find cant see any savedsearches.
[savedsearches]
access = read : [ dev, admin, power ], write : [ admin, power, dev ]
export = none
[savedsearches/Summary_Find]
access = read : [ admin, business_admin, dev, support, power ], write : [ admin, dev, power ]
export = none
owner = nobody
Please do let me know if there is a solution to do this in Splunk.
↧