Getting Data In

I can't assign `can_delete` to default user `admin`.

yutaka1005
Builder

I am facing a problem similar to the following Answers!

https://answers.splunk.com/answers/549958/admin-like-account-that-cant-assign-the-can-delete.html

On my case, I can't assign can_delete to default user admin and the below message is displayed.

Role=can_delete is not grantable

Is this specification?

Please someone tell me.

1 Solution

yutaka1005
Builder

Apparently, changing the setting of the admin role (*change of the default index to be searched etc...) will automatically add the setting value grantableRoles = admin to authorize.conf under system/local.

Also due to the setting value, can_delete could not be assign to theadmin user.

Therefore I would like to avoid it with workaround etc. proposed by @renjith.nair

View solution in original post

yutaka1005
Builder

Apparently, changing the setting of the admin role (*change of the default index to be searched etc...) will automatically add the setting value grantableRoles = admin to authorize.conf under system/local.

Also due to the setting value, can_delete could not be assign to theadmin user.

Therefore I would like to avoid it with workaround etc. proposed by @renjith.nair

View solution in original post

renjith_nair
SplunkTrust
SplunkTrust

Hi @yutaka1005,

That's because you are trying to assign "role" to the user admin. Instead of that , try adding can_delete "role" to admin role and then try adding the role -> user

So in short
role can_delete -> admin role
role can_delete -> admin user

yutaka1005
Builder

Thank you for answer.

I will also refer to the workaround you taught.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!