I was surprised to find that a user with read-only permissions can delete a report. Surely my Splunk set up is incorrect?
I have an App representing a collection of related reports, alerts, dashboards, etc.
So, I changed the permissions to make the SI populating reports as shared in App and read-only by the App User's role. This does seem to work as it becomes readable, runnable, and yet not saveable. This is exactly what I want but what surprised me is that the read-only user can DELETE the report.
Surely delete should be considered a WRITE operation and not visible, or perhaps some other interaction is allowing this.
Please help me fix this.
Note: This is on Splunk Enterprise 8.0.3 having just upgraded from 7.2.4 3 days ago... perhaps it is a bug?
Hello Mikeydee,
i have exactly the same issue/problem in our splunk environment.
Do you have a solution for this yet?
Regards,
Tobias