The word "admin" is anathema to our IA people. As a result, even though I am the only Splunk developer, I am not permitted to have "admin" privileges. So I have created a new role named "manager". But this role does not have all the permissions I need. What I need is to have full access to all the menu options in the attached screenshot.
I do not get Data inputs and Indexes, though if I copy and paste into the address bar I can get to these pages. But I don't have the capability to full app management.
Alternatively, just edit the .conf files manually (or on a deployment server and push them out it you have a distributed environment). Then you can control the access to the .conf files by OS level file permissions.
I'm not allowed to have any OS level capabilities. I've been doing this kind of Splunk work for almost five years and this is the first time I have been shut down. Don't work for the Department of Defense if you want to work on Splunk.
The problem isn't Splunk admin capabilities, it is the term "admin" that IA doesn't like! They won't bother to learn what the Splunk admin role is, only that it is "Administrative in nature and therefore restriced."
Von Schiller said it best, "Against stupidity the very gods themselves contend in vein."
Add "admin_all_object" capability to manager role.
I couldn't find any other capabilities which will allow to edit/view data inputs from settings. Updating data inputs and indexes are the admin activities, but Splunk doesn't have capabilities defined for them individually.
But that appears to give admin capabilities to everything. that won't work.