https://community.splunk.com/t5/Getting-Data-In/Remove-capabilities-in-authorize-conf/m-p/50596#M9666 <P>I just tried this out myself. Just comment out this line in $SPLUNK_HOME/etc/system/default/authorize.conf and restart Splunk.</P> <PRE><CODE># [capability::delete_by_keyword] </CODE></PRE> <P>The capability will no longer exist for the can_delete role, and you won't be able to assign it to any other role in the Splunk UI.</P> Fri, 10 May 2013 08:30:07 GMT roychen 2013-05-10T08:30:07Z https://community.splunk.com/t5/Getting-Data-In/Remove-capabilities-in-authorize-conf/m-p/50595#M9665 <P>I see capabilities in Splunk are defined in the authorize.conf. For security reason, i want to disable the delete by keyword capabilities in Splunk so no user could delete any data in splunk. </P> <P>Could I just delete the line which define capabilities and all roles related to it. </P> Fri, 13 Jan 2012 07:22:37 GMT https://community.splunk.com/t5/Getting-Data-In/Remove-capabilities-in-authorize-conf/m-p/50595#M9665 alexlee-mv 2012-01-13T07:22:37Z https://community.splunk.com/t5/Getting-Data-In/Remove-capabilities-in-authorize-conf/m-p/50596#M9666 <P>I just tried this out myself. Just comment out this line in $SPLUNK_HOME/etc/system/default/authorize.conf and restart Splunk.</P> <PRE><CODE># [capability::delete_by_keyword] </CODE></PRE> <P>The capability will no longer exist for the can_delete role, and you won't be able to assign it to any other role in the Splunk UI.</P> Fri, 10 May 2013 08:30:07 GMT https://community.splunk.com/t5/Getting-Data-In/Remove-capabilities-in-authorize-conf/m-p/50596#M9666 roychen 2013-05-10T08:30:07Z