Splunk Power Users Role -- Edit all Saves Reports ...

TobiasBoone · ‎08-05-2019

We have hundreds and hundreds of saved searches and dozens of Alerts. I need the power user role to be able to edit and modify all of them. Is there a way in bulk to ensure this role has permissions without opening and editing all individually? Ie some inheritance flag to be set that trickles down such that also by default all new saved searches will be accessible to this role?

DavidHourani · ‎08-05-2019

Hi @TobiasBoone,

You're looking for admin_all_objects it's the only way to give access to all searches, reports, alerts regardless of who own them.

Morei info here :
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Rolesandcapabilities

Be careful though as this could be too much permissions for your power users. Another way to do this would be to ensure that all newly created objects give power user the capability to write. This can be done by setting role level permission for the applications you wish your power user to edit.

Let me know if that helps.

Cheers,
David

jacobpevans · ‎08-05-2019

Duplicate of: https://answers.splunk.com/answers/762969/splunk-power-users-role-edit-all-saves-reports-and.html

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.

Sukisen1981 · ‎08-05-2019

does admin role have access to all the saved searches and alerts?

Splunk Power Users Role -- Edit all Saves Reports and Alerts

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification