Security

New Role Unable to change permissions on saved reports

rlaan
Path Finder

I am attempting to allow for a more granular access to our indexes, i have been attempting to remove the use of the default admin,power,user roles. (which include all non-internal splunk indexes)

The new idea is to have the capabilities of the default roles added into new roles or capabilities groups, with no ability to view indexes associated to them.
capabilities-user
capabilities-power
capabilities-admin

In addition various view roles have been created with no capabilities, they only include access to view indexes adding groups of indexes in a single role, or allowing for a specific user to access 1 index.
view-base hire
view-base security clearance
view-index 5

The issue i have encountered is when assigning a new role with capabilities-user, which i have created with slighty more restricted capabilities then the normal user role, my new role (capabilities-user) is unable to edit the permissions on the saved searches it creates.

I have seen some sites mention not to edit/modify the base user roles, and i wanted to know if it is safe to remove the view all non-internal indexes from the default roles.

My tests showed that if i inherit the base user role to my newer modular role , ex. capabilities-user would inherit user, this allows the users of new role to once again edit the permissions of their saved searches.

What is unique about the default "user" role and why are the abilities to edit your own report permissions not included in the capabilities-user i have created, is their a way to get this functionality without inheriting the default roles?

0 Karma
1 Solution

rlaan
Path Finder

I have managed to get the newly created capabilities roles functioning as expected. the missing component was going into the search application and granting the new roles write access to the application. I am still in the process of searching for documentation outlining the potential impact of allowing write access to an app.

View solution in original post

0 Karma

rlaan
Path Finder

I have managed to get the newly created capabilities roles functioning as expected. the missing component was going into the search application and granting the new roles write access to the application. I am still in the process of searching for documentation outlining the potential impact of allowing write access to an app.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...