Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Delete the roles power and user

reed_kelly
Contributor
‎08-31-2015 02:32 PM

I define specific roles for each team. I don't particularly see a use for the Power or User roles. In fact, I find it annoying that "power" is added to app modify rights, by default. Are there any side effects of deleting these two roles to prevent their accidental use?

Tags (1)
0 Karma
Reply

sduff_splunk
Splunk Employee
Splunk Employee
‎08-31-2015 07:19 PM

In general, most other roles will inherit the permissions and capabilities from the user role (some elevated roles would use power), so I would strongly advise against removing the user and power roles.

Reply

reed_kelly
Contributor
‎09-01-2015 06:33 AM

I specifically create new base roles to inherit from. For example, I create a base_user with no data access and some basic search capabilities. I also create a base_dev role with additional capabilities for editing dashboards and scheduling searches. My goal is to lock down access to "least required" by each team to meet audit guidelines. I am not seeing any inherited features of user or power in my other roles. Are there any hidden attributes that are inherited from user or power?

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...