Security

Can you please suggest the right capabilities and inheritance that we should use to create/edit roles?

rjteh_splunk
Splunk Employee
Splunk Employee

We're trying to set up Role Based Access Controls for our security team who provisions roles and access. Can you please suggest the right capabilities and inheritance that we should use?

We had setup a test role with the following inheritance and capabilities.

Role Name: test
Inheritance role: user
Capabilities: edit_roles_grantable, edit_user

The complete list of capabilities for this test role is...

accelerate_search
change_own_password
edit_search_schedule_window
export_results_is_visible
get_metadata
get_typeahead
input_file
list_inputs
list_metrics_catalog
output_file
pattern_detect
request_remote_tok
rest_apps_view
rest_properties_get
rest_properties_set
schedule_rtsearch
search

This role works fine when trying to create roles that inherit user level access, but when we try to create a new role that inherits power or sc_admin, it throws an error as given below:

> ERROR AdminHandler:AuthenticationHandler - current user doesn't have permissions to create new role with imported role
0 Karma

rjteh_splunk
Splunk Employee
Splunk Employee

The "edit_roles_grantable" capability will only allow the user to create/edit the role if they have listed the roles in "Inheritance" section on the custom role.

For example, if you want to create/edit a power role, the user must at least be assigned a custom role which inherits another custom role which has power capabilities or the power role itself (as shown below).

alt text

Once the user logs in and attempts to create a new role, they will be able to only select from the following list.

alt text

However, if you would like the user to be able to inherit from all available roles, you can add the "edit_roles" capability to achieve this. Documented here:

About defining roles with capabilities

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...