Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to allow a specific new role the capability to install apps?

fernandoandre
Communicator
‎02-06-2015 06:41 AM

After the creation of a new role, with limited capabilities, my question is:
is it possible to allow this role with the capability to install and manage apps?

Basically the users on this role can search, save searches/alerts, build dashboards, but almost nothing else besides these capabilities. However I want this role to be able to install Splunk apps from Splunk App site.
The configuration for the role is similar to the following:

[role_NAME]
change_own_password = enabled
cumulativeRTSrchJobsQuota = 6
cumulativeSrchJobsQuota = 8
pattern_detect = enabled
rest_apps_view = enabled
rest_properties_get = enabled
rtSrchJobsQuota = 4
rtsearch = enabled
schedule_search = enabled
search = enabled
srchDiskQuota = 500
srchIndexesAllowed = indexX;indexY
srchIndexesDefault = indexX;indexY
srchJobsQuota = 6
srchMaxTime = 0
srchTimeWin = 2592000
use_file_operator = enabled
Tags (3)
Reply

thomrs
Communicator
‎02-06-2015 02:52 PM

I think you may need rest_apps_management to add apps. We only let admins install apps in prod so cant say for 100%. Below is a list of all capabilities, worse case a little trial and error will get you there.

http://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities#List_of_available_c...

0 Karma
Reply

fernandoandre
Communicator
‎02-11-2015 08:07 AM

We have tried that. It allows to install apps through a web interface but it doesn't allow to upload the app files or to manage the apps, namely disable/enable them.

I have played around with configurations, in particular I have found out that if a role is imported like the following:

importRoles = admin

or user, or power role, even if you disable the capabilities afterwards, these are overridden. For example, with the configuration above, even if the following is inserted in the authorize.conf file, it isn't applied. 

license_tab = disabled
license_edit = disabled

Anyone with similar problem or solution?

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...