I would like to know what capability I need to disable in admin role that will disable the admin user from downloading or creating a splunk app.
The list of default capabilities is shown here. I don't see anything there specifically related to managing an app. Therefore, I'm going to guess that that capability is a subset of admin_all_objects
. A non-admin user can view applications in the Apps link of the Manager, but can't enable or disable them, nor change permissions on objects contained therein.
It doesn't appear as though the admin role can be separated from the ability to manipulate apps at this time.
If you're concerned about users with admin privileges rampantly installing apps, you might consider making them a non-admin user, but with enough added capabilities to administer the objects that they do need to tweak.