https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163288#M4841 <P>Hi,splunk community.</P> <P>I'm now considering user management.</P> <P>I want to create user who can only do user management without administrative right.<BR /> Therefore, I created a new user, and I added "edit_user" and "edit_role" to Capabilities of this user.</P> <P>It looks like I created the user who do user management without administrative right.<BR /> However, this user can create user who have administrative right.<BR /> That really doesn't have any meaning.</P> <P>is there a way to prevent to create user who have administrative right?</P> Mon, 28 Sep 2020 18:29:24 GMT akanno 2020-09-28T18:29:24Z https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163288#M4841 <P>Hi,splunk community.</P> <P>I'm now considering user management.</P> <P>I want to create user who can only do user management without administrative right.<BR /> Therefore, I created a new user, and I added "edit_user" and "edit_role" to Capabilities of this user.</P> <P>It looks like I created the user who do user management without administrative right.<BR /> However, this user can create user who have administrative right.<BR /> That really doesn't have any meaning.</P> <P>is there a way to prevent to create user who have administrative right?</P> Mon, 28 Sep 2020 18:29:24 GMT https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163288#M4841 akanno 2020-09-28T18:29:24Z https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163289#M4842 <P>The best way is to outsource user management via LDAP or Active Directory. The Splunk administrator sets up the connection and maps Splunk roles to LDAP/AD groups, and users are added/removed from Splunk by adding them to those LDAP/AD groups or removing them.</P> <P>With the built-in authentication you're not going to achieve that, there's no special capability that restricts assigning roles with admin permissions to users, and nothing restricting assigning admin capabilities to roles.</P> Mon, 22 Dec 2014 16:29:01 GMT https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163289#M4842 martin_mueller 2014-12-22T16:29:01Z https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163290#M4843 <P>Thank you for your help.<BR /> I will use LDAP or AD.</P> Fri, 26 Dec 2014 02:12:41 GMT https://community.splunk.com/t5/Security/How-to-create-user-who-can-create-user-without-administrative/m-p/163290#M4843 akanno 2014-12-26T02:12:41Z