Solved: Limited admin permission in Splunk

Cbr1sg · ‎08-16-2018

Hello all,
I want to create a limited admin role for our Splunk environment, this role allows user to view, execute or create anything, but can not edit/modify/delete any existing stuffs.
I see in the capabilities list of Splunk has edit* and list* but I dont see anything about create*.

Could you please help?

Thanks

sudosplunk · ‎08-17-2018

Power user role can achieve this with little to no tweaking in capabilities. Did you try it already? If so, what was the issue?

View solution in original post

sudosplunk · ‎08-17-2018

Power user role can achieve this with little to no tweaking in capabilities. Did you try it already? If so, what was the issue?

Cbr1sg · ‎08-28-2018

@nittala_surya sorry for late reply, only now I have chance to test it. With few modifications in the capabilities, the power role indeed fulfills my requirements..

Thanks mate!

sudosplunk · ‎08-28-2018

Glad to hear that. I moved my comment to answer so that you can accept and close it. Thanks.

deepashri_123 · ‎08-16-2018

Hey@Cbr1sg,

You can refer the following doc which describes the capabilities:
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/Rolesandcapabilities

Let me know if this helps!!

Cbr1sg · ‎08-17-2018

@deepashri,
Thanks, I've already gone through that doc but could not find the info that I want.

Limited admin permission in Splunk

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases