Solved: How to create an admin-read-only role?

Glasses · ‎06-23-2020

I have an admin-in-training, that requires access to see everything but NO access to change anything.

I am on version 7.3.3.

Is there a way to create an Admin-read-only role?

If not, any best practices (in splunk enterprise) to audit a user with admin-role, is greatly appreciated.

Thank you

richgalloway · ‎06-23-2020

I'd start by creating a role that has all of the list* capabilities of an Admin and the edit* capabilities of a Power User. There may be some read accesses blocked by a missing edit capability, but there's not much that can be done about that.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎06-23-2020

I'd start by creating a role that has all of the list* capabilities of an Admin and the edit* capabilities of a Power User. There may be some read accesses blocked by a missing edit capability, but there's not much that can be done about that.

---
If this reply helps you, Karma would be appreciated.

Glasses · ‎06-24-2020

Thank you Rich, checking, will reply with results.

Glasses · ‎06-29-2020

Unfortunately your suggestions work for only a limited number of items.

For instance, I was not able to give the read-only role access to the "access control" settings nor limit app management for the read-only role, the role had full power to disable, etc.

Therefor we will need to audit the confs and give the user full admin.

However, I will accept your answer as it partially worked.

Thank you

How to create an admin-read-only role?

access control

audit

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...