access_controls.conf
This documentation does not apply to the most recent version of Splunk.
access_controls.conf allows you to configure granular access controls so that users in different roles can see only a subset of the data in your Splunk index.
To edit access controls settings for your local Splunk server, make your edits in $SPLUNK_HOME/etc/bundles/local/access_controls.conf.
You can create this file by copying examples from $SPLUNK_HOME/etc/bundles/README/access_controls.conf.example.
Never edit files in our default bundle in $SPLUNK_HOME/etc/bundles/default or your changes may be overwritten in an upgrade.
access_controls.conf.spec
# Copyright (C) 2005-2007 Splunk Inc. All Rights Reserved. Version 3.0
# This file contains all possible options for an "access_controls.conf"
# file.
#
# The access control properties of splunk are configured through the files
# $SPLUNK_HOME/etc/bundles/<bundle name>/access_controls.conf
#
# Roles can contain a search command string but not a search that pipes to
# other commands (where, regex, etc.)
# This means that if you need field-based roles, those fields must be indexed,
# not extracted.
# It is wise to keep the role searches as simple as possible for
# performance reasons.
#
# One cannot specify a role that uses indexes, savedsearches, sourcetypes,
# time commands or regular expressions.
# If tags are used for roles you should be aware that there may be negative
# performance implications as tag searches are slower than other searches.
# Host and source are recommended for roles.
#
[roles]
rolename1 = <string>
* a role name to apply this search string access restriction
rolename2 = <string>
* a role name to apply this search string access restriction
[groups]
groupname1 = <string>
* a group name with a space separated list of roles for that group
groupname2 = <string>
* a group name with a space separated list of roles for that group
[users]
username1 = <string>
* a username with a space separated list of groups for that user
username2 = <string>
* a username with a space separated list of groups for that user
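The spec above defines a three-level mapping: users to groups, groups to roles, and roles to search strings. The following Python script is an added example, not part of the Splunk documentation or product; it resolves each user's effective role search strings and flags undefined references and role searches that use constructs the spec comments prohibit. The sample file, its names, and the host:: and source:: search syntax are constructed assumptions.

```python
import configparser
import re

# Constructed sample; names and the host::/source:: search syntax are assumptions.
SAMPLE_CONF = """
[roles]
web = host::web01
db = source::/var/log/mysql/error.log
bad = sourcetype::syslog | regex foo

[groups]
ops = web db
dev = web cache

[users]
alice = ops
bob = dev contractors
"""

# Heuristic: pipes and index/sourcetype/savedsearch terms, which the spec
# comments say a role search may not use. Not a full search-language parser.
DISALLOWED = re.compile(r"\||\b(index|sourcetype|savedsearch)\s*(::|=)", re.I)


def audit(conf_text):
    """Return (effective, findings) for an access_controls.conf body."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep role, group and user names as written
    cp.read_string(conf_text)
    get = lambda s: dict(cp[s]) if cp.has_section(s) else {}
    roles = get("roles")
    groups = {g: v.split() for g, v in get("groups").items()}
    users = {u: v.split() for u, v in get("users").items()}

    findings = [f"role '{r}': disallowed construct in search string"
                for r, s in roles.items() if DISALLOWED.search(s)]
    findings += [f"group '{g}': undefined role '{r}'"
                 for g, rs in groups.items() for r in rs if r not in roles]
    findings += [f"user '{u}': undefined group '{g}'"
                 for u, gs in users.items() for g in gs if g not in groups]

    # user -> {role name: search string}, skipping dangling references
    effective = {u: {r: roles[r] for g in gs for r in groups.get(g, [])
                     if r in roles} for u, gs in users.items()}
    return effective, findings


if __name__ == "__main__":
    effective, findings = audit(SAMPLE_CONF)
    for user, granted in effective.items():
        print(user, granted)
    for f in findings:
        print("WARNING:", f)
```

Running an audit like this before deploying a changed file catches typos in group or role names, which would otherwise leave a user mapped to fewer restrictions than the administrator intended to write down.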
This documentation applies to the following versions of Splunk: 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1, 3.1.2, 3.1.3