Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Remove capabilities in authorize.conf

alexlee-mv
New Member
‎01-12-2012 11:22 PM

I see capabilities in Splunk are defined in the authorize.conf. For security reason, i want to disable the delete by keyword capabilities in Splunk so no user could delete any data in splunk.

Could I just delete the line which define capabilities and all roles related to it.

Tags (2)
0 Karma
Reply

roychen
Path Finder
‎05-10-2013 01:30 AM

I just tried this out myself. Just comment out this line in $SPLUNK_HOME/etc/system/default/authorize.conf and restart Splunk.

# [capability::delete_by_keyword]

The capability will no longer exist for the can_delete role, and you won't be able to assign it to any other role in the Splunk UI.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...