Which Splunk Capability allows to enable OR disabl...

juhiacc · ‎07-29-2022

We have a Splunk app, that needs to be disabled by the users themselves as per the systems health and maintenance mode. Curious to know which role/capability in splunk is responsible for granting this level of access.

Already have revisited `edit_local_apps` capability as part of https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Rolesandcapabilities#Add.2C_edit.2C_and_... and this doesn't seems to answer the query.

Thanks

Siddharth · ‎08-05-2022

Try this it should work

edit_local_apps

Lets the user edit actions for application management. Applies only when you set the enable_install_apps setting to "true" in authorize.conf.

sweetie · ‎08-05-2022

Thanks @Siddharth , I do have enabled the capability edit_local_apps under role from UI. However I am not sure where exactly we need to make changes in authorize.conf. Thanks

Siddharth · ‎08-05-2022

in authorize.conf

[capability::edit_local_apps]

enable = true

I think this should work just debug/refresh the system once it is done

Which Splunk Capability allows to enable OR disable a Splunk app?

search head

[capability::edit_local_apps]

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Which Splunk Capability allows to enable OR disable a Splunk app?

search head

[capability::edit_local_apps]

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk