What roles and Capabilities needs to assign in ord...

shedalkar · ‎03-06-2018

Hello,

in our environment we have monitoring instance install on separate server, and want to provide the read only access to one of the user so that he can monitor the general stuff but can not do any changes. So want to know what kind of roles and capabilities I need to assign to that user so that he can login to monitoring console and do the L1 activity.
Thanks.

PhenylVon · ‎03-14-2018

Hi ,

There is no option for monitoring only the Splunk Console(Monitor Console in Splunk) as there is dependency on roles .I tested it our environment but that doesn't work

You can still create restrictive roles based on a current role or creating a new for a new user

adonio · ‎03-06-2018

hello there,

i think you can create a new role, add the user role to it as well as the following capabilities:

dispatch_rest_to indexers

and all the objects that start with: list_
also, you will have to allow that role to see date from internal indexes (starts with "_" underscore)
full list of capabilities here:
https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/Rolesandcapabilities#List_of_capabilitie...

hope it helps

What roles and Capabilities needs to assign in order to access the monitoring console with minimal rights ?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms