I've been searching for a list of what each of the user capabilities means - what access it allows, what objects a role with that capability can see/edit/delete, etc. This seems to be a difficult thing to find. The admin guide in the docs mentions capabilities but doesn't have a link to anything like a list of them. Perhaps my Google-fu is insufficient, but this seems to be an obscure thing. Does anyone know of such a list?
something like this...
http://docs.splunk.com/Documentation/Splunk/7.2.1/Security/Rolesandcapabilities
OR you can run this on search-heads
| rest /services/authentication/users splunk_server=local
| rename title as user
| table user capabilities roles
something like this...
http://docs.splunk.com/Documentation/Splunk/7.2.1/Security/Rolesandcapabilities
OR you can run this on search-heads
| rest /services/authentication/users splunk_server=local
| rename title as user
| table user capabilities roles
I'd also like to mention that maybe the admin guide could have a link to the security document, since looking for how to administer users and roles leads naturally to this question.
And - nice search. Of course it's available internally! That does really make a lot of sense. Thanks again!
That's perfect. Why is it so hard to find? Maybe Splunk needs to get some more search terms in the metadata.
In any case, thanks very much!