What is the role capability required to view all the indexes in splunk cloud settings?
We have below capabilities in place
if you are asking to see data in indexes, this capability is associated to a role but it isn't a feature,
the access to indexes is configured in a different tab (the third) of the role definition.
Yes, the person associated with that role (with capabilities) not able to see "indexes" listed in the settings.
On the third tab for 3.indexes, the role got all the indexes included and save.
So, my question here is , What capability is required for a role to view "indexes" listed in the settings?
or Is there any other permission need to be given?
if you're speaking of a distributed architecture, Search Heads' users cannot see indexes because they are on different servers (Indexers), sometimes, some administrators create indexes on Search Heads, not to use them, but only to give a list of possible indexes for the users, but anyway they aren't usable.
In addition if you have a Search Head Cluster, many features (as indexes list) are disabled for all the users because it isn't possible to manage them.
If you're speaking of a stand-alone server, if a user has the grants to access an index, he can see it in the listed indexes.
In conclusion, as I already said, there isn't a special feature to see indexes.
@gcusello If yes, I can see only this view in the Splunk cloud settings.
There is not "indexes" option under DATA.
So, my questions is , Is there any capability am I missing to view this option?
What capability required to see "indexes" under DATA
My use-case is that I want to create a role which has access to all indexes. However I don't to have to be updating this role every time a new index is onboarded. And I don't want to overprovision users with admin access.
Is this possible?
We're on-prem 8.2.2
you have an option in role definition of accessing all not internal indexes, but I don't know if this is compatible with your security requirements,
otherwise, you have to manually add every new index.
Even if, I don't know in your situation, but usually creation of a new index shouldn't be a so frequent action!
if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.
Ciao and happy splunking
P.S.: Karma Points are appreciated by all the Contributors;-)