Dashboards & Visualizations

UserA (power role) can delete a knowledge object that he neither created nor has write permission on.

kinaba_splunk
Splunk Employee

UserA (power role) can delete a knowledge object that he neither created nor has write permission on.
The scenario is that UserB (for example, Admin role) creates the knowledge object. Then, UserB doesn’t want UserA (power role) to delete it.
That is why I check off Write permission for the power role on the knowledge object.

The steps are below.

1. Create a dashboard named [test] as UserB [admin].
   *Create it in the [Search & Reporting] app, and choose permission [App] or [All apps].
2. In the list screen of dashboards, push the [Edit] button of [test].
3. Open [Edit Permissions], add [read] permission to everyone, and add [write] permission to only UserB [admin].
4. Log in as UserA [power role], who has only the [power] role, and push the [Edit] button of [test] in the list screen of dashboards.
5. Then you will find that you can choose [Delete].

Based on the manual below, NOT ONLY write permission for the app to which the knowledge object belongs BUT ALSO write permission to the knowledge object itself is needed to delete it. In this scenario, UserB should not delete it.

The manual says the following.
Disable or delete knowledge objects
To delete any other knowledge object, your role must have write permissions for the app to which the knowledge object belongs and the knowledge object itself.

http://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Disableordeleteknowledgeobjects

Could you tell me why?


kinaba_splunk
Splunk Employee

Write permission on a knowledge object gives only the capability to modify the knowledge object (it doesn’t mean delete capability).
In other words, in order to delete an object from a container (app), the current user must have write permissions on the container (app). This is by design.

Workaround:
There is no reasonable workaround to stop a user from deleting a knowledge object that he hasn’t created, as long as he has write permission on the app the object belongs to.
(In the scenario, if you remove the [power] role's write permission from [Search & Report], UserB can’t delete it any more.
But at the same time, UserB can’t edit the object which he creates. So, it may be inconvenient.)


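An added example, not part of the original posts: a small Python audit that reads the text of an app's `metadata/local.meta` and lists the objects a role can delete through app-level write even though the object's own ACL does not grant that role write, following the behaviour described in the answer above. The sample file content and the function names are constructed for illustration, and role inheritance is not resolved.

```python
import re

# Constructed sample of an app's metadata/local.meta matching the scenario:
# the app stanza [] grants write to admin and power, the dashboard only to admin.
SAMPLE_META = """\
[]
access = read : [ * ], write : [ admin, power ]
export = system

[views/test]
access = read : [ * ], write : [ admin ]
owner = UserB
"""

ACL_RE = re.compile(r"(read|write)\s*:\s*\[([^\]]*)\]")


def parse_meta(text):
    """Return {stanza: {"read": set, "write": set}} for stanzas with an access line."""
    acls, stanza = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]          # "" is the app-level stanza
            continue
        key, _, value = line.partition("=")
        if stanza is not None and key.strip() == "access":
            acl = {"read": set(), "write": set()}
            for perm, roles in ACL_RE.findall(value):
                acl[perm] = {r.strip() for r in roles.split(",") if r.strip()}
            acls[stanza] = acl
    return acls


def deletable_without_object_write(acls):
    """Map each object to the roles holding app-level write but not object-level write."""
    app_write = acls.get("", {}).get("write", set())
    findings = {}
    for stanza, acl in acls.items():
        if "/" not in stanza or "*" in acl["write"]:
            continue  # skip app/type-level stanzas and objects writable by everyone
        extra = app_write - acl["write"]
        if extra:
            findings[stanza] = sorted(extra)
    return findings


if __name__ == "__main__":
    for obj, roles in deletable_without_object_write(parse_meta(SAMPLE_META)).items():
        print(f"{obj}: deletable via app-level write by {', '.join(roles)}")
```
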
