Security

Power user permission to change ownership of objects.

nocostk
Communicator

I'd like to grant my Power users access to change eventtypes, savedsearches, etc. from private to app-specific/global. It seems that that is only granted to admins?

Tags (1)

ewoo
Splunk Employee
Splunk Employee

The ability to share objects into an app is controlled by the permissions on the app container.

To allow power users to share eventtypes (for example) into a particular app:

  • Go to Manager > Apps
  • Click on the Permissions link in the Sharing column of the desired app
  • Grant the power role write access to the app

srikanth1213
Path Finder

thank you for the response.. so do I need to click on each object and then edit the role permission or is there a way I can edit the permission for all the objects at a single go (like if I wanted to edit and give power role for all the 50 + objects)

0 Karma

ewoo
Splunk Employee
Splunk Employee

do I need to click on each object and then edit the role permission or is there a way I can edit the permission for all the objects at a single go (like if I wanted to edit and give power role for all the 50 + objects)

In my opinion, the most effective way to edit the permissions of a large number of objects, in bulk, is to use some shell/Python scripting plus Splunk's REST API.

See "Example 2" here: http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTUM/RESTusing#Access_Control_List

Also: https://answers.splunk.com/answering/7788/view.html

0 Karma

the_wolverine
Champion

Also, once you set the permissions at the app-level to allow Power role write access to the app, all new objects will auto-inherit this setting when you share them. As in, once you click on "Share in app", you'll see the Power role checked for write access.

For existing objects, yes, you'll have to manually update the permissions.

0 Karma

srikanth1213
Path Finder

hi, .though I edited the access permissions of the app to "power " however when I looked into the permission of the objects in the app they still donot have power user read/write... do I need to explicitly check the option in the objects as well ?

0 Karma

ewoo
Splunk Employee
Splunk Employee

Note: the original question here pertains to the ability to share objects to an app, i.e. move them from private to shared.

The read/write permission on an individual object are a related-but-different matter. That being said ...

though I edited the access permissions of the app to "power " however when I looked into the permission of the objects in the app they still donot have power user read/write... do I need to explicitly check the option in the objects as well ?

Objects within an app only inherit the app-level permission if they lack an explicit permission themselves. This is commonly the case for objects that ship with an app by default.

Objects created via UI, CLI, or REST API typically have explicit permissions. In this case, you must grant write permission on the objects themselves, to make them editable by the desired roles.

0 Karma

JSapienza
Contributor

You might want take a look at documentation for the authorize.conf

( http://www.splunk.com/base/Documentation/latest/Admin/Authorizeconf ).

This document describes the capabilities assigned to the roles.

0 Karma

JSapienza
Contributor

Yea, I just noticed that as well. It looks like that capability gives the user the keys to the kingdom.Not such a good idea for a power user.
But it kind of make sense , you are asking to changing permissions on objects the user does not own.

nocostk
Communicator

Hmm, the only thing I see in there that may address this is: capability::admin_all_objects - but apparently that's like giving root access?

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...