Solved: Re: Is there a list of what each privilege/capabil...

davidatpinger · ‎12-10-2018

I've been searching for a list of what each of the user capabilities means - what access it allows, what objects a role with that capability can see/edit/delete, etc. This seems to be a difficult thing to find. The admin guide in the docs mentions capabilities but doesn't have a link to anything like a list of them. Perhaps my Google-fu is insufficient, but this seems to be an obscure thing. Does anyone know of such a list?

prakash007 · ‎12-10-2018

something like this...
http://docs.splunk.com/Documentation/Splunk/7.2.1/Security/Rolesandcapabilities

OR you can run this on search-heads

| rest /services/authentication/users splunk_server=local 
| rename title as user 
| table user capabilities roles

View solution in original post

prakash007 · ‎12-10-2018

something like this...
http://docs.splunk.com/Documentation/Splunk/7.2.1/Security/Rolesandcapabilities

OR you can run this on search-heads

| rest /services/authentication/users splunk_server=local 
| rename title as user 
| table user capabilities roles

davidatpinger · ‎12-10-2018

I'd also like to mention that maybe the admin guide could have a link to the security document, since looking for how to administer users and roles leads naturally to this question.

And - nice search. Of course it's available internally! That does really make a lot of sense. Thanks again!

davidatpinger · ‎12-10-2018

That's perfect. Why is it so hard to find? Maybe Splunk needs to get some more search terms in the metadata.

In any case, thanks very much!

Is there a list of what each privilege/capability permits?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...