Alerting

How can I delete option for alerts?

Atchyuth_P
Path Finder

Hi team 

I have created a user and set up capabilities however I haven't checked any delete in capabilities.

When I checked with user console able to see the delete option. Please refer to below screenshot.

Screenshot_2022-11-17-07-56-14-23_f56466bc4bb61e6d2de1f3b0468a89d9.jpg

Even I tried unchecking can_delete option for alert with admin access but still it is not working.

Please suggest .

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @Atchyuth_P,

can_delete is a role to delete events, that usually isn't enabled for the other roles.

the screenshot you shared is related to alerts not to events, so there isn't any relation with can-delete role.

Each user can delete its own alerts and, if it's an admin, also delete shared alerts.

Ciao.

Giuseppe

View solution in original post

emallinger
Communicator

Hello all !

I agree with @gcusello

Depending on the behaviour you wish to create, maybe you'll have to create the alerts and only send the results (via mail ?) to users. Or share only the result in a particular app, developped for that purpose on which users only have read access.

In that case, you are doing the job of creating and managing alerts, so it might not be the desired effect.

Happy splunking !

Ema

0 Karma

Atchyuth_P
Path Finder

Hi @gcusello 

Thank you for the response

I just want to disable the delete option for user itself.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Atchyuth_P,

for my knowledge it isn't possible disable deletion of its own objects.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Atchyuth_P,

can_delete is a role to delete events, that usually isn't enabled for the other roles.

the screenshot you shared is related to alerts not to events, so there isn't any relation with can-delete role.

Each user can delete its own alerts and, if it's an admin, also delete shared alerts.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...