Exam SPLK-1005 Topic 1 Question 31 Discussion
Actual exam question for Splunk's SPLK-1005 exam
Question #: 31
Topic #: 1
Question #: 31
Topic #: 1
A Splunk Cloud administrator is looking to allow a new group of Splunk users in the marketing department to access the Splunk environment and view a dashboard with relevant data. These users need to access marketing data (stored in the marketing_data index), but shouldn't be able to access other data, such as events related to security or operations.
Which approach would be the best way to accomplish these requirements?
Which approach would be the best way to accomplish these requirements?
Suggested Answer: B Vote an answer
The best approach to meet the requirements of the marketing department is to create a new role that inherits the user role but with restricted access to only the marketing_data index. This setup allows users to perform searches and view dashboards while ensuring they cannot access other indexes such as those containing security or operations data.
Splunk Documentation Reference: Splunk Role-based Access Control
Splunk Documentation Reference: Splunk Role-based Access Control
by marcel1998zme at Jan 24, 2025, 06:30 AM
0
0
0
10
Comments
marcel1998zme
2025-01-24 06:30:31Reason: While this approach is closer to the correct solution, it can be more complex to manage. Removing capabilities from an inherited role can lead to unintended permission issues and is less straightforward than creating a role with only the necessary permissions.
By creating a new role with the same capabilities as the user role and specifically assigning access to the marketing_data index (Option B), you ensure that the marketing users have the exact permissions they need without any unnecessary or excessive access.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).