Do new roles become grantable roles by default in Splunk?

I'm using Splunk 6.4.2.

I have created a delegated admin role with one user (say d_admin for instance). Here is its definition, as given by the splunk cli:

role:       delegated_admin
capabilities:           edit_roles_grantable edit_user rest_apps_view rest_properties_get 
default app:        
grantable_roles:            dashboard_designer;dashboard_viewer 
imported_capabilities:          
imported_roles:         
searchable_indexes:         
default_index:  

dashboard_designer and dashboard_viewer are nothing special, I just use them to define permissions on apps and dashboards.

Now, when I log into d_admin and create a new role (e.g. new_role), I can see and manage it just as if it was in the grantable_roles list, but it is not. I am not at liberty to test if that survives a cold reboot.

My question here is:

Is that an undocumented feature that I can rely on or is that some sort of bug that will bite me if I trust it?

Regards,
Kiran

Splunk Employee

Hi gk6565,

It really depends on which role(s) your new role inherits from.
Among the system built-in roles, only admin has the edit_roles_grantable capability by default.
If you want to separate and delegate administration tasks between sys-admins and data admins without granting the full admin role, restrict grantable capabilities only to the level of sub-admins. After you add the edit_roles_grantable capability to the sub-admin role, the role can only create roles with a subset of the capabilities that the current user role has.
For example:
Add new role user_admin by inheriting from power and user, and assigning the following capabilities to the role:

  • edit_roles_grantable
  • edit_user

Users in this role can only assign limited roles to users.

Hope it helps. Thanks!
Hunter
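
An offline audit of the rule described in the answer above, as an added example that is not part of the original thread and not Splunk's own code: it parses authorize.conf-style stanzas, resolves capabilities inherited through importRoles, and reports for each role whether it is listed in the delegate's grantableRoles and which capabilities it holds beyond the delegate's. The sample configuration and the function names are constructed for illustration, and the subset check follows the rule as the answer states it rather than Splunk's enforcement logic.

```python
import configparser

# Constructed sample: role names from the thread, capability assignments assumed.
SAMPLE = """
[role_user]
search = enabled
[role_power]
importRoles = user
schedule_search = enabled
[role_user_admin]
importRoles = power;user
grantableRoles = dashboard_viewer
edit_roles_grantable = enabled
edit_user = enabled
[role_dashboard_viewer]
search = enabled
[role_new_role]
search = enabled
edit_tcp = enabled
"""

def _split(value):
    return [r.strip() for r in value.split(";") if r.strip()]

def load_roles(text):
    """Parse [role_<name>] stanzas of authorize.conf text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the case of importRoles / grantableRoles
    cp.read_string(text)
    return {s[5:]: {"caps": {k for k, v in cp[s].items() if v.strip() == "enabled"},
                    "imports": _split(cp[s].get("importRoles", fallback="")),
                    "grantable": _split(cp[s].get("grantableRoles", fallback=""))}
            for s in cp.sections() if s.startswith("role_")}

def effective_caps(roles, name, seen=()):
    """Own capabilities plus those inherited through importRoles (cycle-safe)."""
    if name in seen or name not in roles:
        return set()
    caps = set(roles[name]["caps"])
    for parent in roles[name]["imports"]:
        caps |= effective_caps(roles, parent, seen + (name,))
    return caps

def audit(roles, delegate):
    """Per role: listed in the delegate's grantableRoles? Capabilities beyond the delegate's?"""
    mine = effective_caps(roles, delegate)
    return {name: {"listed": name in roles[delegate]["grantable"],
                   "extra_caps": sorted(effective_caps(roles, name) - mine)}
            for name in roles if name != delegate}
```

Running `audit(load_roles(SAMPLE), "user_admin")` flags `new_role` as not listed and as carrying `edit_tcp`, which the delegate role does not hold; such roles are the ones to review before relying on delegated role management.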
