Alerting

How can I delete option for alerts?

Atchyuth_P
Path Finder

Hi team 

I have created a user and set up capabilities however I haven't checked any delete in capabilities.

When I checked with user console able to see the delete option. Please refer to below screenshot.

Screenshot_2022-11-17-07-56-14-23_f56466bc4bb61e6d2de1f3b0468a89d9.jpg

Even I tried unchecking can_delete option for alert with admin access but still it is not working.

Please suggest .

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @Atchyuth_P,

can_delete is a role to delete events, that usually isn't enabled for the other roles.

the screenshot you shared is related to alerts not to events, so there isn't any relation with can-delete role.

Each user can delete its own alerts and, if it's an admin, also delete shared alerts.

Ciao.

Giuseppe

View solution in original post

emallinger
Communicator

Hello all !

I agree with @gcusello

Depending on the behaviour you wish to create, maybe you'll have to create the alerts and only send the results (via mail ?) to users. Or share only the result in a particular app, developped for that purpose on which users only have read access.

In that case, you are doing the job of creating and managing alerts, so it might not be the desired effect.

Happy splunking !

Ema

0 Karma

Atchyuth_P
Path Finder

Hi @gcusello 

Thank you for the response

I just want to disable the delete option for user itself.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Atchyuth_P,

for my knowledge it isn't possible disable deletion of its own objects.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Atchyuth_P,

can_delete is a role to delete events, that usually isn't enabled for the other roles.

the screenshot you shared is related to alerts not to events, so there isn't any relation with can-delete role.

Each user can delete its own alerts and, if it's an admin, also delete shared alerts.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...