Solved: How can I delete option for alerts?

Atchyuth_P · ‎11-16-2022

Hi team

I have created a user and set up capabilities however I haven't checked any delete in capabilities.

When I checked with user console able to see the delete option. Please refer to below screenshot.

Even I tried unchecking can_delete option for alert with admin access but still it is not working.

Please suggest .

gcusello · ‎11-16-2022

Hi @Atchyuth_P,

can_delete is a role to delete events, that usually isn't enabled for the other roles.

the screenshot you shared is related to alerts not to events, so there isn't any relation with can-delete role.

Each user can delete its own alerts and, if it's an admin, also delete shared alerts.

Ciao.

Giuseppe

View solution in original post

emallinger · ‎11-17-2022

Hello all !

I agree with @gcusello.

Depending on the behaviour you wish to create, maybe you'll have to create the alerts and only send the results (via mail ?) to users. Or share only the result in a particular app, developped for that purpose on which users only have read access.

In that case, you are doing the job of creating and managing alerts, so it might not be the desired effect.

Happy splunking !

Ema

Atchyuth_P · ‎11-16-2022

Hi @gcusello

Thank you for the response

I just want to disable the delete option for user itself.

gcusello · ‎11-16-2022

Hi @Atchyuth_P,

for my knowledge it isn't possible disable deletion of its own objects.

Ciao.

Giuseppe

gcusello · ‎11-16-2022

Hi @Atchyuth_P,

can_delete is a role to delete events, that usually isn't enabled for the other roles.

the screenshot you shared is related to alerts not to events, so there isn't any relation with can-delete role.

Each user can delete its own alerts and, if it's an admin, also delete shared alerts.

Ciao.

Giuseppe

How can I delete option for alerts?

alert action

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?