Hi,
I have to create a Splunk role for an "operator" user who must be able to launch the CLI command "splunk apply shcluster-bundle". What capabilities should I have to attribute to this role?
Thank you for your help,
Patrice
We opened a case for this (1165853) and there is a solution:
You can build a custom role to not need a user to have admin_all_objects capability.
Step 1: Define a new capability and assign it to a role - via authorize.conf
[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled
Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf
[apps-deploy:apps-deploy]
capability.post=deployer_capability
This is working pretty fine for us and we can now have a technical user doing a "splunk apply shcluster-bundle" without having a technical user with admin privileges.
They need the administer all objects capability.