Splunk search for Roles and Allowed Indexes

Copy
| rest /services/authentication/users | mvexpand roles | table realname, title, roles, email | join roles [ rest /services/authorization/roles | rename title as roles | search srchIndexesAllowed=* | table roles srchIndexesAllowed] | rename realname as Name, title as Title, roles as Roles, email as Email, srchIndexesAllowed as "Indexes this user an access"
This Splunk search will show a list of all Splunk user roles and the indexes that they are allowed to access. This can be helpful in reviewing your data protection to ensure that users are able to see only the data that they should have access to.
0 comments

Category:

General Splunk


Tags:

rest Admin general authentication

Search Commands:

Sign in or Register to submit a comment