- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Glasses
Builder
06-23-2020
01:02 PM
I have an admin-in-training, that requires access to see everything but NO access to change anything.
I am on version 7.3.3.
Is there a way to create an Admin-read-only role?
If not, any best practices (in splunk enterprise) to audit a user with admin-role, is greatly appreciated.
Thank you
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

richgalloway

SplunkTrust
06-23-2020
01:14 PM
I'd start by creating a role that has all of the list* capabilities of an Admin and the edit* capabilities of a Power User. There may be some read accesses blocked by a missing edit capability, but there's not much that can be done about that.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

richgalloway

SplunkTrust
06-23-2020
01:14 PM
I'd start by creating a role that has all of the list* capabilities of an Admin and the edit* capabilities of a Power User. There may be some read accesses blocked by a missing edit capability, but there's not much that can be done about that.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Glasses
Builder
06-24-2020
07:05 AM
Thank you Rich, checking, will reply with results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Glasses
Builder
06-29-2020
06:10 AM
Unfortunately your suggestions work for only a limited number of items.
For instance, I was not able to give the read-only role access to the "access control" settings nor limit app management for the read-only role, the role had full power to disable, etc.
Therefor we will need to audit the confs and give the user full admin.
However, I will accept your answer as it partially worked.
Thank you
