Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add edit_sourcetypes to sc_admin

edgarrity
Path Finder
‎06-19-2021 02:44 PM
We want to disable Power Users from editing source types but still allow sc_admin the capability. We unchecked the edit_sourcetypes capability on the Edit Role dialog box for the Power User in Splunk Cloud, then went to the Edit Role for the sc-admin to enable that capability. However, after disabling edit_sourcetypes for the Power User, that capability does not show up in the Edit Role for any role and now no users can edit source types. How do we enable the edit_sourcetypes capability for only the sc_admin role?
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-19-2021 05:02 PM

You'll have to open a Support Request to get the capability restored.

In the future, I recommend against messing with the built-in roles.  Instead, clone the role and modify the clone then assign the cloned role to the appropriate users/groups.  It's a little more work at first, but avoids nasty surprises like that, plus it gives you something to fall back to.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

edgarrity
Path Finder
‎06-24-2021 09:57 AM

I opened a support ticket.  Splunk manually re-enabled the capability.  However, they have not yet been able to determine why unchecking the edit_sourcetypes capability for the Power User role removed that capability from all roles and removed the ability to re-add it.

I will update this ticket with the fix for this bug when I get the response from Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...