By including edit_roles_grantable as a capability you have specified that any user assigned to that role will be limited to the capabilities that were included in that role. The result is that all the users who already existed and have been assigned to a role that has MORE capabilities than the role 'Pulsenewuser' will no longer be accessible.
General behavior and configuration guidance for edit_roles_grantable:
In the UI create a role called subadmin [or name of your choice] and make sure the following options are configured:
[role_subadmin]
edit_roles_grantable = enabled
edit_roles = disabled
edit_users = enabled
When the new role is created, the following change will be made in Splunk/etc/system/local/authorize.conf:
grantableRoles = subadmin [you should confirm this - if the entry doesn't match that, make the change. ** After any manual edits of authorize.conf, use Settings > Access control > Authentication method > Reload authentication configuration or changes won’t be applied.]
Configure the subadmin role in the UI to include/exclude the capabilities to meet the specific limitations you want to impose on the subadmin. Create a newadmin user and assign them to the subadmin role. The user newadmin will only be able to see and use the capabilities that are included in the subadmin role.
For example, if you want to remove access to the delete_by_keyword capability, configure the subadmin role as described above but without the delete_by_keyword capability. When the newadmin user logs into Splunk, they will not have that option in their list of capabilities.
