Splunk Enterprise

Do new roles become grantable roles by default in Splunk?

gk6565
New Member

I'm using Splunk 6.4.2.

I have created a delegated admin role with one user (say d_admin for instance). Here is its definition, as given by the splunk cli:

role:       delegated_admin
capabilities:           edit_roles_grantable edit_user rest_apps_view rest_properties_get 
default app:        
grantable_roles:            dashboard_designer;dashboard_viewer 
imported_capabilities:          
imported_roles:         
searchable_indexes:         
default_index:  

dashboard_designer and dashboard_viewer are nothing special, I just use them to define permissions on apps and dashboards.

Now, when I log into d_admin and create a new role (e.g. new_role), I can see and manage it just as if it was in the grantable_roles list, but it is not. I am not at liberty to test if that survives a cold reboot.

My question here is:

Is that an undocumented feature that I can rely on or is that some sort of bug that will bite me if I trust it?

Regards,
Kiran


hunters_splunk
Splunk Employee

Hi gk6565,

It really depends on which role(s) your new role inherits from.
Among the system built-in roles, only admin has the edit_roles_grantable capability by default.
If you want to separate and delegate administration tasks between sys-admins and data admins without granting the full admin role, restrict grantable capabilities only to the level of sub-admins. After you add the edit_roles_grantable capability to the sub-admin role, the role can only create roles with a subset of the capabilities that the current user role has.
For example:
Add a new role user_admin by inheriting from power and user, and assigning the following capabilities to the role:

  • edit_roles_grantable
  • edit_user

Users in this role can only assign limited roles to users.

Hope it helps. Thanks!
Hunter
