Dashboards & Visualizations

UserA (power role) can delete knowledge object which he hasn't created nor having write permissions to the knowledge object itself.

kinaba_splunk
Splunk Employee
Splunk Employee

UserA (power role) can delete knowledge object which he hasn't created nor having write permissions to the knowledge object itself.
Scenario is UserB (for example, Admin role) create the knowledge object. Then, UserB doesn’t want UserA (power role) to delete it.
That is why, I check off Write permission for power role on the knowledge object.

Steps are below.

1.Create dashboard named [test] by UserB [admin].
*Create in [Search & Reporting] apps, and choose permission [App] or [All apps].
2.In list screen of dashboards, push [Edit] button of [test].
3.Open [Edit Permissions], and add [read] permission to everyone, and add [write] permission to only UserB [admin].
4. Login as UserA [power role] that have only [power] roll, and push [Edit] button of [test] in list screen of dashboards.

5. Then you will find that you can choose [Delete]

Based on the manual below, NOT ONLY write permission for the app to which Knowledge Object belongs to BUT ALSO write permission
to the knowledge object itself is needed to be deleted. In this scenario, UserB should not delete it.

Manual says below.
Disable or delete knowledge objects
To delete any other knowledge object, your role must have write permissions for the app to which the knowledge object belongs and the knowledge object itself.

http://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Disableordeleteknowledgeobjects

Could you tell me why?

0 Karma
1 Solution

kinaba_splunk
Splunk Employee
Splunk Employee

Write permission to knowledge object will give only a capability to modify the knowledge object (It doesn’t mean
delete capability).
In other words, in order to delete an object from a container(app), the current user must have write permissions
on the container (app). This is as design.

Workaround:
There is no reasonable workaround to stop user to delete the knowledge object even though he hasn’t created
as long as he has write permission on the app the object belongs to.
(In the scenario, if remove [power] role's write permission from [Search & Report], UserB can’t delete it any more.
But at the same time, UserB can’t edit the object which he creates. So, it may be inconvenient.)

View solution in original post

kinaba_splunk
Splunk Employee
Splunk Employee

Write permission to knowledge object will give only a capability to modify the knowledge object (It doesn’t mean
delete capability).
In other words, in order to delete an object from a container(app), the current user must have write permissions
on the container (app). This is as design.

Workaround:
There is no reasonable workaround to stop user to delete the knowledge object even though he hasn’t created
as long as he has write permission on the app the object belongs to.
(In the scenario, if remove [power] role's write permission from [Search & Report], UserB can’t delete it any more.
But at the same time, UserB can’t edit the object which he creates. So, it may be inconvenient.)

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...