For example, I need to add an admin user with the "can_delete" & "admin" roles.
In the Splunk doc, I can see that the following command allows me to CHANGE the role to "can_delete", not ADD the role besides admin.
./splunk edit user admin -role can_delete -auth admin:changeme
You can also directly create a user with multiple roles:
splunk add user buddha -role user -role power -role zen -realname "Siddhartha Gautama" -password changeme
I know it's an old question, but in case others are searching for the same...
Yes, you can do that...
Take the following user
splunk add user buddha -role user -realname "Siddhartha Gautama" -password changeme
After creation, the buddha user is a member of the user role. To edit this user to have two roles, power and zen, you would need two -role parameters sent to the command...
splunk edit user buddha -role power -role zen
Running
splunk list user
will show:
username: buddha
full-name: Siddhartha Gautama
role: power zen
Notice that the edit command added buddha to the "power" and "zen" roles and removed it from the "user" role that was set on the first command. "edit user -role" will completely replace the roles that the user had with the new list of roles.
hth
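Because "edit user -role" replaces the whole role list, adding a role safely means re-sending every role the user already has. The script below is an added example, not part of the original posts: it reads "splunk list user" output, assumed to be in the format shown above, and prints the edit command with existing and new roles combined so it can be reviewed before running. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an "edit user" command that keeps existing roles.
# Assumption: "splunk list user" prints username:/full-name:/role: lines
# as shown in the thread, with roles separated by spaces.

# Constructed sample output, so the script runs without a Splunk instance.
SAMPLE_LIST_OUTPUT='username: admin
full-name: Administrator
role: admin

username: buddha
full-name: Siddhartha Gautama
role: power zen'

# Print the roles held by user $1, one per line; list output comes on stdin.
current_roles() {
  awk -v want="$1" '
    $1 == "username:" { in_rec = ($2 == want) }
    in_rec && $1 == "role:" { for (i = 2; i <= NF; i++) print $i }
  '
}

# Print the edit command that adds role(s) $2.. to user $1 without dropping
# the roles already assigned. Runs in a subshell so variables stay local.
build_add_role_cmd() (
  user="$1"; shift
  existing="$(current_roles "$user")"
  if [ -z "$existing" ]; then
    # Refuse to guess: an unknown user would otherwise get only the new roles.
    echo "no roles found for user: $user" >&2
    exit 1
  fi
  # Existing roles first, then requested ones, with duplicates removed.
  args="$(printf '%s\n' "$existing" "$@" |
    awk '!seen[$0]++ { printf " -role %s", $0 }')"
  printf 'splunk edit user %s%s\n' "$user" "$args"
)

# Demo on the constructed sample. Against a live instance, pipe in the real
# listing instead: splunk list user | build_add_role_cmd admin can_delete
printf '%s\n' "$SAMPLE_LIST_OUTPUT" | build_add_role_cmd admin can_delete
```

Running "splunk list user" again after applying the printed command confirms that no role was dropped.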
Thx guys
really helpful