After the creation of a new role, with limited capabilities, my question is:
is it possible to allow this role with the capability to install and manage apps?
Basically the users on this role can search, save searches/alerts, build dashboards, but almost nothing else besides these capabilities. However I want this role to be able to install Splunk apps from Splunk App site.
The configuration for the role is similar to the following:
[role_NAME] change_own_password = enabled cumulativeRTSrchJobsQuota = 6 cumulativeSrchJobsQuota = 8 pattern_detect = enabled rest_apps_view = enabled rest_properties_get = enabled rtSrchJobsQuota = 4 rtsearch = enabled schedule_search = enabled search = enabled srchDiskQuota = 500 srchIndexesAllowed = indexX;indexY srchIndexesDefault = indexX;indexY srchJobsQuota = 6 srchMaxTime = 0 srchTimeWin = 2592000 use_file_operator = enabled
I think you may need rest_apps_management to add apps. We only let admins install apps in prod so cant say for 100%. Below is a list of all capabilities, worse case a little trial and error will get you there.
We have tried that. It allows to install apps through a web interface but it doesn't allow to upload the app files or to manage the apps, namely disable/enable them.
I have played around with configurations, in particular I have found out that if a role is imported like the following:
importRoles = admin
or user, or power role, even if you disable the capabilities afterwards, these are overridden. For example, with the configuration above, even if the following is inserted in the authorize.conf file, it isn't applied.
license_tab = disabled license_edit = disabled
Anyone with similar problem or solution?