Dashboards & Visualizations

UserA (power role) can delete knowledge object which he hasn't created nor having write permissions to the knowledge object itself.

kinaba_splunk
Splunk Employee
Splunk Employee

UserA (power role) can delete knowledge object which he hasn't created nor having write permissions to the knowledge object itself.
Scenario is UserB (for example, Admin role) create the knowledge object. Then, UserB doesn’t want UserA (power role) to delete it.
That is why, I check off Write permission for power role on the knowledge object.

Steps are below.

1.Create dashboard named [test] by UserB [admin].
*Create in [Search & Reporting] apps, and choose permission [App] or [All apps].
2.In list screen of dashboards, push [Edit] button of [test].
3.Open [Edit Permissions], and add [read] permission to everyone, and add [write] permission to only UserB [admin].
4. Login as UserA [power role] that have only [power] roll, and push [Edit] button of [test] in list screen of dashboards.

5. Then you will find that you can choose [Delete]

Based on the manual below, NOT ONLY write permission for the app to which Knowledge Object belongs to BUT ALSO write permission
to the knowledge object itself is needed to be deleted. In this scenario, UserB should not delete it.

Manual says below.
Disable or delete knowledge objects
To delete any other knowledge object, your role must have write permissions for the app to which the knowledge object belongs and the knowledge object itself.

http://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Disableordeleteknowledgeobjects

Could you tell me why?

0 Karma
1 Solution

kinaba_splunk
Splunk Employee
Splunk Employee

Write permission to knowledge object will give only a capability to modify the knowledge object (It doesn’t mean
delete capability).
In other words, in order to delete an object from a container(app), the current user must have write permissions
on the container (app). This is as design.

Workaround:
There is no reasonable workaround to stop user to delete the knowledge object even though he hasn’t created
as long as he has write permission on the app the object belongs to.
(In the scenario, if remove [power] role's write permission from [Search & Report], UserB can’t delete it any more.
But at the same time, UserB can’t edit the object which he creates. So, it may be inconvenient.)

View solution in original post

kinaba_splunk
Splunk Employee
Splunk Employee

Write permission to knowledge object will give only a capability to modify the knowledge object (It doesn’t mean
delete capability).
In other words, in order to delete an object from a container(app), the current user must have write permissions
on the container (app). This is as design.

Workaround:
There is no reasonable workaround to stop user to delete the knowledge object even though he hasn’t created
as long as he has write permission on the app the object belongs to.
(In the scenario, if remove [power] role's write permission from [Search & Report], UserB can’t delete it any more.
But at the same time, UserB can’t edit the object which he creates. So, it may be inconvenient.)

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...