https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19493#M655 <P>I'm setting up my roles like this:</P> <P>== Global Roles ==</P> <UL> <LI>Admin Role</LI> <LI>Manager Role</LI> <LI>Users</LI> </UL> <P>== App Specific Roles ==</P> <UL> <LI>AppName_R</LI> <LI>AppName_RW</LI> <LI>AppName2_R</LI> <LI>AppName2_RW</LI> </UL> <P>... etc ... You get the idea.</P> <P>I have everything nicely set up for the Admin role and for the app specific roles. All of the app roles inherit from the "users" role and inherit basic permissions from there.</P> <P>Admin Role is the default admin role that comes with Splunk.</P> <P>Each app is configured with only three checkboxes checked on the permissions page:</P> <PRE><CODE>Role Read Write AppName_R X AppName_RW X X </CODE></PRE> <P>Like so. </P> <P>This works great, since it makes setting permissions for new apps nice and easy, and is obvious to users who can do what. </P> <P>Admins can automatically read and write to everything, even if permissions aren't explicitly given. </P> <P>What I'm trying to create for the Manager Role is a user who can automatically read from everything (just like admins), but doesn't have any explicit write permissions.</P> Mon, 29 Apr 2013 18:47:49 GMT Ricapar 2013-04-29T18:47:49Z https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19493#M655 <P>I'm setting up my roles like this:</P> <P>== Global Roles ==</P> <UL> <LI>Admin Role</LI> <LI>Manager Role</LI> <LI>Users</LI> </UL> <P>== App Specific Roles ==</P> <UL> <LI>AppName_R</LI> <LI>AppName_RW</LI> <LI>AppName2_R</LI> <LI>AppName2_RW</LI> </UL> <P>... etc ... You get the idea.</P> <P>I have everything nicely set up for the Admin role and for the app specific roles. All of the app roles inherit from the "users" role and inherit basic permissions from there.</P> <P>Admin Role is the default admin role that comes with Splunk.</P> <P>Each app is configured with only three checkboxes checked on the permissions page:</P> <PRE><CODE>Role Read Write AppName_R X AppName_RW X X </CODE></PRE> <P>Like so. </P> <P>This works great, since it makes setting permissions for new apps nice and easy, and is obvious to users who can do what. </P> <P>Admins can automatically read and write to everything, even if permissions aren't explicitly given. </P> <P>What I'm trying to create for the Manager Role is a user who can automatically read from everything (just like admins), but doesn't have any explicit write permissions.</P> Mon, 29 Apr 2013 18:47:49 GMT https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19493#M655 Ricapar 2013-04-29T18:47:49Z https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19494#M656 <P>Unfortunately I don't think this is possible from the ROLE's perspective. You would have to create a new role, then manually go through the permissions of each app and grant "read only" permissions to the new role (you can do this from the "Manager &gt; apps" Interface)</P> Mon, 29 Apr 2013 19:06:55 GMT https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19494#M656 aholzer 2013-04-29T19:06:55Z https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19495#M657 <P>That's what I was hoping to avoid <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Mon, 29 Apr 2013 19:28:51 GMT https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19495#M657 Ricapar 2013-04-29T19:28:51Z https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19496#M658 <P>What about role inheritance ?</P> Fri, 03 May 2013 15:58:05 GMT https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19496#M658 yannK 2013-05-03T15:58:05Z https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19497#M659 <P>You could setup, a Manager Role that inherits from every AppName_R role. aholzer's suggestion works as well but you can loop through the metadata/default.meta on the filesystem and add the additional role to the read stanza.</P> Fri, 03 May 2013 22:18:10 GMT https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19497#M659 chris 2013-05-03T22:18:10Z https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19498#M660 <P>I ended up solving this using @yannK's and @chris's suggestion.</P> <P>I created a role that we will manually set to inherit from every AppName_R role. We added the extra step to our (currently manual) application role setup procedure. I would've preferred something a bit more automated, but one extra step isn't a dealbreaker.</P> Mon, 13 May 2013 18:15:16 GMT https://community.splunk.com/t5/Security/Creating-a-role-that-can-read-every-app/m-p/19498#M660 Ricapar 2013-05-13T18:15:16Z