Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Creating a role that can read every app

Ricapar
Communicator
‎04-29-2013 11:47 AM

I'm setting up my roles like this:

== Global Roles ==

  • Admin Role
  • Manager Role
  • Users

== App Specific Roles ==

  • AppName_R
  • AppName_RW
  • AppName2_R
  • AppName2_RW

... etc ... You get the idea.

I have everything nicely set up for the Admin role and for the app specific roles. All of the app roles inherit from the "users" role and inherit basic permissions from there.

Admin Role is the default admin role that comes with Splunk.

Each app is configured with only three checkboxes checked on the permissions page:

Role           Read   Write
AppName_R        X  
AppName_RW       X      X

Like so.

This works great, since it makes setting permissions for new apps nice and easy, and is obvious to users who can do what.

Admins can automatically read and write to everything, even if permissions aren't explicitly given.

What I'm trying to create for the Manager Role is a user who can automatically read from everything (just like admins), but doesn't have any explicit write permissions.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ricapar
Communicator
‎05-13-2013 11:15 AM

I ended up solving this using @yannK's and @chris's suggestion.

I created a role that we will manually set to inherit from every AppName_R role. We added the extra step to our (currently manual) application role setup procedure. I would've preferred something a bit more automated, but one extra step isn't a dealbreaker.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Ricapar
Communicator
‎05-13-2013 11:15 AM

I ended up solving this using @yannK's and @chris's suggestion.

I created a role that we will manually set to inherit from every AppName_R role. We added the extra step to our (currently manual) application role setup procedure. I would've preferred something a bit more automated, but one extra step isn't a dealbreaker.

0 Karma
Reply
Solved! Jump to solution

chris
Motivator
‎05-03-2013 03:18 PM

You could setup, a Manager Role that inherits from every AppName_R role. aholzer's suggestion works as well but you can loop through the metadata/default.meta on the filesystem and add the additional role to the read stanza.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎05-03-2013 08:58 AM

What about role inheritance ?

Reply
Solved! Jump to solution

Ricapar
Communicator
‎04-29-2013 12:28 PM

That's what I was hoping to avoid 😞

0 Karma
Reply
Solved! Jump to solution

aholzer
Motivator
‎04-29-2013 12:06 PM

Unfortunately I don't think this is possible from the ROLE's perspective. You would have to create a new role, then manually go through the permissions of each app and grant "read only" permissions to the new role (you can do this from the "Manager > apps" Interface)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...