Security

How to create an admin-read-only role?

Glasses
Builder

I have an admin-in-training, that requires access to see everything but NO access to change anything.

I am on version 7.3.3.

Is there a way to create an Admin-read-only role?

If not, any best practices (in splunk enterprise) to audit a user with admin-role, is greatly appreciated.

 

Thank you

Labels (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust
I'd start by creating a role that has all of the list* capabilities of an Admin and the edit* capabilities of a Power User. There may be some read accesses blocked by a missing edit capability, but there's not much that can be done about that.
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust
I'd start by creating a role that has all of the list* capabilities of an Admin and the edit* capabilities of a Power User. There may be some read accesses blocked by a missing edit capability, but there's not much that can be done about that.
---
If this reply helps you, Karma would be appreciated.
0 Karma

Glasses
Builder

Thank you Rich, checking, will reply with results.

0 Karma

Glasses
Builder

Unfortunately your suggestions work for only a limited number of items.

For instance, I was not able to give the  read-only role access to the "access control" settings nor limit app management for the read-only role, the role had full power to disable, etc.

Therefor we will need to audit the confs and give the user full admin.

However, I will accept your answer as it partially worked.

 

Thank you

0 Karma
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...