Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Create new role with almost admin capabilities

kmattern
Builder
‎03-17-2014 09:30 AM

The word "admin" is anathema to our IA people. As a result, even though I am the only Splunk developer, I am not permitted to have "admin" privileges. So I have created a new role named "manager". But this role does not have all the permissions I need. What I need is to have full access to all the menu options in the attached screenshot.

I do not get Data inputs and Indexes, though if I copy and paste into the address bar I can get to these pages. But I don't have the capability to full app management.

alt text

Tags (2)
0 Karma
Reply

rtadams89
Contributor
‎03-17-2014 03:19 PM

Alternatively, just edit the .conf files manually (or on a deployment server and push them out it you have a distributed environment). Then you can control the access to the .conf files by OS level file permissions.

0 Karma
Reply

kmattern
Builder
‎03-18-2014 06:40 AM

I'm not allowed to have any OS level capabilities. I've been doing this kind of Splunk work for almost five years and this is the first time I have been shut down. Don't work for the Department of Defense if you want to work on Splunk.

The problem isn't Splunk admin capabilities, it is the term "admin" that IA doesn't like! They won't bother to learn what the Splunk admin role is, only that it is "Administrative in nature and therefore restriced."

Von Schiller said it best, "Against stupidity the very gods themselves contend in vein."

0 Karma
Reply

somesoni2
Revered Legend
‎03-17-2014 09:32 AM

Add "admin_all_object" capability to manager role.

Reply

somesoni2
Revered Legend
‎03-17-2014 12:30 PM

I couldn't find any other capabilities which will allow to edit/view data inputs from settings. Updating data inputs and indexes are the admin activities, but Splunk doesn't have capabilities defined for them individually.

0 Karma
Reply

kmattern
Builder
‎03-17-2014 10:31 AM

But that appears to give admin capabilities to everything. that won't work.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...