We have a Splunk app, that needs to be disabled by the users themselves as per the systems health and maintenance mode. Curious to know which role/capability in splunk is responsible for granting this level of access.
Already have revisited `edit_local_apps` capability as part of https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Rolesandcapabilities#Add.2C_edit.2C_and_... and this doesn't seems to answer the query.
Try this it should work
|edit_local_apps||Lets the user edit actions for application management. Applies only when you set the enable_install_apps setting to "true" in authorize.conf.|
Thanks @Siddharth , I do have enabled the capability edit_local_apps under role from UI. However I am not sure where exactly we need to make changes in authorize.conf. Thanks
enable = true
I think this should work just debug/refresh the system once it is done