https://community.splunk.com/t5/Security/splunk-access-delegation-roles/m-p/94248#M3120 <P>Just tried the same without success (version 4.1.7). Have you considered opening a case ?</P> <P>I found a solution that might help. You can overwrite the admin role in local\autorize.conf and reduce the number of capabilities. The you can define a new "myadmin" role with all capabilities. But I don't know, how that works out with updates.</P> Wed, 09 Mar 2011 23:02:30 GMT wollinet 2011-03-09T23:02:30Z https://community.splunk.com/t5/Security/splunk-access-delegation-roles/m-p/94247#M3119 <P>I'm trying to set up a role in one of our splunk servers (running 4.1.5 on a 64 bit redhat linux 5 machine). What I really want to do is create a role that has almost all admin capabilities except the ability to delete data and modify roles. This role should be able to create indexes and start/stop splunk.</P> <P>I see that there are some capabilities that seem to grant this (like restart_splunkd). However, while I can these capabilities to a role, I noticed that all roles except the built-in "admin" role are missing certain sections in the manager section. Logging in with a user that has the admin role, I see the following on the right column under "System configurations"</P> <PRE> -System settings -Server controls -License -Data inputs -Forwarding and receiving -Indexes -Access controls -Distributed search -Deployment -User options </PRE> <P>However, if I grant a role the ability to restart splunk, and place a user in that role, logging into the manager section with that user only shows one item on the left under "System Configurations", which is the "User options" section.</P> <P>I've even gone as far as cloning the "admin" role and trying to log in with that newly (and unmodified after the clone) role, and I still do not see the full list of options in the Manager under "System configurations".</P> <P>So, since I figure I'm missing something very obvious, can someone either point me in the right direction, or confirm that what i'm trying to do is just not possible? -Joseph</P> Thu, 25 Nov 2010 00:16:47 GMT https://community.splunk.com/t5/Security/splunk-access-delegation-roles/m-p/94247#M3119 jbanda 2010-11-25T00:16:47Z https://community.splunk.com/t5/Security/splunk-access-delegation-roles/m-p/94248#M3120 <P>Just tried the same without success (version 4.1.7). Have you considered opening a case ?</P> <P>I found a solution that might help. You can overwrite the admin role in local\autorize.conf and reduce the number of capabilities. The you can define a new "myadmin" role with all capabilities. But I don't know, how that works out with updates.</P> Wed, 09 Mar 2011 23:02:30 GMT https://community.splunk.com/t5/Security/splunk-access-delegation-roles/m-p/94248#M3120 wollinet 2011-03-09T23:02:30Z