Hi,
I wonder whether someone may be able to help me please.
As an administrator, I am looking to provide functionality for users so they can create their own apps. However, I do not want to give them 'Admin' access.
Could someone tell me please, is there a way that I may be able to do this?
Many thanks and kind regards
Chris
My recommendation is to have whoever is developing the app to develop in their own environment. Once they're ready to pass the code to you, you do a final review to make sure it will work with your splunk environment, and then deploy the app for them. Do not let non-splunk admins deploy applications to your platform 😉 for your own sake.
Best way is to set up development environment e.g. user's own workstation or in some development server if needed.. If you have valid splunk license and support contract you could ask development license from Splunk. Just fulfill this request: https://www.splunk.com/en_us/resources/personalized-dev-test-licenses.html
My recommendation is to have whoever is developing the app to develop in their own environment. Once they're ready to pass the code to you, you do a final review to make sure it will work with your splunk environment, and then deploy the app for them. Do not let non-splunk admins deploy applications to your platform 😉 for your own sake.
This is a great question and one that I have had as well. I was also given the recommendation to provide admin rights to a user on a single indexer (if you have a clustered environment). This way they can test their data and allow them to bring data there and play with data. We can also open this indexer to have internet access so they can download any app or TA they want. This way that group of 'semi-admins' will have the ability to do their testing without having access to the entire cluster as a semi-admin. When they are ready to promote their app, they then engage hte splunk admins to move to prod.
Would this also be a feasible recommendation?
Hi @chimell, thank you for taking the time to come back to me with this.
No I'm not wanting to grant them 'Admin' access.
Many thanks and kind regards
Chris
To "create their own apps" keyword being "create", they will need admin. Period, the end. No more discussion.
To "edit their own apps" they only need write access to the app.
Usually looks like this:
ApplicationLogs_User - can read dashboards, search, read saved searches reports, etc. within ApplicationLogs App
ApplicaitonLogs_Admin - can edit dashboards, searches, and reports within ApplicationLogs App CAN EDIT THEIR APP
Splunk_Admin - full splunk admin priv for splunk team. CAN INSTALL NEW APPS
Hi @jkat54, many thanks for this.
Kind Regards
Chris
Hi @jkat54, many thanks for the advice.
Kind Regards
Chris
Do you want that your user role inherite admin role ?
When creating your uer role if you allow it to inherite admin role then your problem is resolved
Im not sure about creating an app and installing it.. But generally you can do this, however, you'll need to add a new role and update the roles and capabilities. Mostly like your best bet would be to look at the admin group as a template, and then remove the capabilities that you dont want to give.
http://docs.splunk.com/Documentation/Splunk/6.3.2/Security/Aboutusersandroles
http://docs.splunk.com/Documentation/Splunk/6.3.2/Security/Addmanagementaccesstocustomroles
Hi @esix, many thanks for taking the time to come back to me with this.
Kind Regards
Chris
@esix_splunk, we had played around with this for another use case and the capability needed was admin_all_objects which is almost full admin privileges. Could not find any specific capability for app creation unless we missed something.
@IRHM73
Chris, please do let us know if you find something. Thanks
Hi @renjith.nair thank you very much for the input.
I will keep you posted should I find anything.
Kind Regards
Chris