Is there a way to unimport roles or disable capabi...

the_wolverine · ‎05-13-2016

Is there a way to unimportRoles or disable capabilities for a certain role? I don't believe so based on the documentation:

[role_<roleName>]
<capability> = <enabled>
...
    * Roles inherit all capabilities from imported roles, and inherited
      capabilities cannot be disabled.
...

importRoles = <string>
* Semicolon delimited list of other roles and their associated capabilities
  that should be imported.
* Importing other roles also imports the other aspects of that role, such as
  allowed indexes to search.

We would like to create a custom role to override inherited capabilities. An example would be a system account which has less capabilities but has inherited user role capabilities. Right now it seems like an RFE.

phadnett_splunk · ‎05-13-2016

One solution might be to create a new role (ie. user-system) with fewer capabilities than the normal 'user' role. Then have your 'system-account' role inherit this new 'user-system' role along with the capabilities assigned to it.

Is this what you are looking to achieve?

the_wolverine · ‎05-31-2016

Thanks for your response but this is not what I'm looking for. Since group membership allows a group owner to add their system-account to their own group, the system-account then inherits user capabilities. Even if I find out about the system-account and drop it into a system-account-role, it doesn't uninherit the capabilities already granted by a user role.

This is why I am looking for a way to uninherit or disable capabilities.

Is there a way to unimport roles or disable capabilities for a certain role?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk