topic Re: How to create a role to managge risky command in Splunk Enterprise

How to create a role to managge risky command

silverKi — Wed, 29 Jan 2025 05:23:53 GMT

I want to create a custom role to manage splunk risky commands. I looked for configuration files related to risky commands and found that it is related to web.conf command.conf file and I found that you can disable risky commands by setting [command] is_risky=false in command.conf file. What I want is to give a role to manage risky_command so that I can get different search results than other users. I wonder if it is possible to create such a role.

Re: How to create a role to managge risky command

richgalloway — Wed, 29 Jan 2025 13:26:35 GMT

What you seek to do is not possible. The contents of commands.conf apply to all roles.

Management of the commands.conf file is not controlled by role. It is governed by whatever process your organization has for controlling CLI access to the Splunk server(s).

Re: How to create a role to managge risky command

VatsalJagani — Thu, 30 Jan 2025 12:40:53 GMT

@silverKi- As @richgalloway mentioned it is not possible to do it for particular role or user.

But you can disable risky for particular command or for all commands.

Reference document - https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards

I hope this helps!!!

Re: How to create a role to managge risky command

silverKi — Fri, 31 Jan 2025 05:12:02 GMT

Thank you for your reply.. And I have one more curious things.

I mentioned you because I had additional questions. I would like to know which file each role's functionality maps to and which path it is. Currently, I have created a new role-Capability called manage_risky_commands and the operation method has not been mapped yet.

Re: How to create a role to managge risky command

silverKi — Fri, 31 Jan 2025 05:13:14 GMT

@richgalloway @VatsalJagani

Thank you for your reply.. And I have one more curious things.