Security

Is there a way to grant users the capability to create their own apps, but not give them 'Admin' access?

IRHM73
Motivator

Hi,

I wonder whether someone may be able to help me please.

As an administrator, I am looking to provide functionality for users so they can create their own apps. However, I do not want to give them 'Admin' access.

Could someone tell me please, is there a way that I may be able to do this?

Many thanks and kind regards

Chris

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

My recommendation is to have whoever is developing the app to develop in their own environment. Once they're ready to pass the code to you, you do a final review to make sure it will work with your splunk environment, and then deploy the app for them. Do not let non-splunk admins deploy applications to your platform 😉 for your own sake.

View solution in original post

isoutamo
SplunkTrust
SplunkTrust

Best way is to set up development environment e.g. user's own workstation or in some development server if needed.. If you have valid splunk license and support contract you could ask development license from Splunk. Just fulfill this request: https://www.splunk.com/en_us/resources/personalized-dev-test-licenses.html

0 Karma

jkat54
SplunkTrust
SplunkTrust

My recommendation is to have whoever is developing the app to develop in their own environment. Once they're ready to pass the code to you, you do a final review to make sure it will work with your splunk environment, and then deploy the app for them. Do not let non-splunk admins deploy applications to your platform 😉 for your own sake.

paimonsoror
Builder

This is a great question and one that I have had as well. I was also given the recommendation to provide admin rights to a user on a single indexer (if you have a clustered environment). This way they can test their data and allow them to bring data there and play with data. We can also open this indexer to have internet access so they can download any app or TA they want. This way that group of 'semi-admins' will have the ability to do their testing without having access to the entire cluster as a semi-admin. When they are ready to promote their app, they then engage hte splunk admins to move to prod.

Would this also be a feasible recommendation?

0 Karma

IRHM73
Motivator

Hi @chimell, thank you for taking the time to come back to me with this.

No I'm not wanting to grant them 'Admin' access.

Many thanks and kind regards

Chris

0 Karma

jkat54
SplunkTrust
SplunkTrust

To "create their own apps" keyword being "create", they will need admin. Period, the end. No more discussion.

To "edit their own apps" they only need write access to the app.

Usually looks like this:
ApplicationLogs_User - can read dashboards, search, read saved searches reports, etc. within ApplicationLogs App
ApplicaitonLogs_Admin - can edit dashboards, searches, and reports within ApplicationLogs App CAN EDIT THEIR APP
Splunk_Admin - full splunk admin priv for splunk team. CAN INSTALL NEW APPS

0 Karma

IRHM73
Motivator

Hi @jkat54, many thanks for this.

Kind Regards

Chris

0 Karma

IRHM73
Motivator

Hi @jkat54, many thanks for the advice.

Kind Regards

Chris

0 Karma

chimell
Motivator

Do you want that your user role inherite admin role ?

0 Karma

chimell
Motivator

When creating your uer role if you allow it to inherite admin role then your problem is resolved

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Im not sure about creating an app and installing it.. But generally you can do this, however, you'll need to add a new role and update the roles and capabilities. Mostly like your best bet would be to look at the admin group as a template, and then remove the capabilities that you dont want to give.

http://docs.splunk.com/Documentation/Splunk/6.3.2/Security/Aboutusersandroles
http://docs.splunk.com/Documentation/Splunk/6.3.2/Security/Addmanagementaccesstocustomroles

IRHM73
Motivator

Hi @esix, many thanks for taking the time to come back to me with this.

Kind Regards

Chris

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@esix_splunk, we had played around with this for another use case and the capability needed was admin_all_objects which is almost full admin privileges. Could not find any specific capability for app creation unless we missed something.
@IRHM73
Chris, please do let us know if you find something. Thanks

Happy Splunking!
0 Karma

IRHM73
Motivator

Hi @renjith.nair thank you very much for the input.

I will keep you posted should I find anything.

Kind Regards

Chris

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...