I'd like to grant my Power users access to change eventtypes, savedsearches, etc. from private to app-specific/global. It seems that that is only granted to admins?
The ability to share objects into an app is controlled by the permissions on the app container.
To allow power users to share eventtypes (for example) into a particular app:
Thank you for the response. So do I need to click on each object and then edit the role permission, or is there a way I can edit the permission for all the objects in a single go (like if I wanted to edit and give the power role for all the 50+ objects)?
do I need to click on each object and then edit the role permission, or is there a way I can edit the permission for all the objects in a single go (like if I wanted to edit and give the power role for all the 50+ objects)
In my opinion, the most effective way to edit the permissions of a large number of objects, in bulk, is to use some shell/Python scripting plus Splunk's REST API.
See "Example 2" here: http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTUM/RESTusing#Access_Control_List
Also, once you set the permissions at the app-level to allow Power role write access to the app, all new objects will auto-inherit this setting when you share them. As in, once you click on "Share in app", you'll see the Power role checked for write access.
For existing objects, yes, you'll have to manually update the permissions.
Hi, though I edited the access permissions of the app to "power", when I looked into the permissions of the objects in the app they still do not have power user read/write... do I need to explicitly check the option in the objects as well?
Note: the original question here pertains to the ability to share objects to an app, i.e. move them from private to shared.
The read/write permissions on an individual object are a related-but-different matter. That being said ...
though I edited the access permissions of the app to "power", when I looked into the permissions of the objects in the app they still do not have power user read/write... do I need to explicitly check the option in the objects as well?
Objects within an app only inherit the app-level permission if they lack an explicit permission themselves. This is commonly the case for objects that ship with an app by default.
Objects created via UI, CLI, or REST API typically have explicit permissions. In this case, you must grant write permission on the objects themselves, to make them editable by the desired roles.
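An added example, not code from the thread or from Splunk's documentation: a sketch of the scripted bulk approach suggested earlier, applied to objects that carry explicit permissions as described above. It plans one POST to each object's `acl` REST endpoint, adding a single role to the existing read/write lists while leaving `sharing` and `owner` unchanged. The app name `myapp`, the object names and the listing itself are constructed; the script only builds the requests, and sending them to the management port with authentication is left to the caller.

```python
import json
from urllib.parse import quote, urlencode

# Constructed sample, trimmed to the fields used here, in the shape of
# GET /servicesNS/-/<app>/saved/eventtypes?output_mode=json
SAMPLE = json.loads("""
{"entry": [
 {"name": "failed login", "acl": {"app": "myapp", "owner": "alice", "sharing": "app",
   "perms": {"read": ["*"], "write": ["admin"]}}},
 {"name": "vpn_session", "acl": {"app": "myapp", "owner": "bob", "sharing": "app",
   "perms": {"read": ["admin", "user"], "write": ["admin", "power"]}}},
 {"name": "scratch", "acl": {"app": "myapp", "owner": "carol", "sharing": "user",
   "perms": null}},
 {"name": "dns_query", "acl": {"app": "otherapp", "owner": "nobody", "sharing": "global",
   "perms": {"read": ["*"], "write": ["admin"]}}}
]}
""")

def with_role(roles, role):
    """Return roles plus role, unless role or the '*' wildcard already covers it."""
    return roles if role in roles or "*" in roles else roles + [role]

def plan_acl_updates(listing, app, role, endpoint):
    """Build (path, form_body) pairs for shared objects in `app` that `role` cannot write."""
    plan = []
    for entry in listing["entry"]:
        acl = entry["acl"]
        perms = acl.get("perms") or {}  # private objects may carry no perms at all
        read, write = perms.get("read", []), perms.get("write", [])
        # Skip other apps and private objects (sharing them is a separate step).
        if acl["app"] != app or acl["sharing"] == "user":
            continue
        # Skip objects the role can already write.
        if role in write or "*" in write:
            continue
        path = "/servicesNS/nobody/%s/%s/%s/acl" % (
            quote(app, safe=""), endpoint, quote(entry["name"], safe=""))
        body = urlencode({
            "sharing": acl["sharing"],  # unchanged; the acl endpoint requires it
            "owner": acl["owner"],      # unchanged; also required
            "perms.read": ",".join(with_role(read, role)),
            "perms.write": ",".join(with_role(write, role)),
        })
        plan.append((path, body))
    return plan

if __name__ == "__main__":
    for path, body in plan_acl_updates(SAMPLE, "myapp", "power", "saved/eventtypes"):
        print("POST", path, body)
```

Review the printed plan before sending anything: each request replaces the object's whole permission list, which is why the existing roles are carried over rather than overwritten.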
You might want to take a look at the documentation for authorize.conf
( http://www.splunk.com/base/Documentation/latest/Admin/Authorizeconf ).
This document describes the capabilities assigned to the roles.
Yea, I just noticed that as well. It looks like that capability gives the user the keys to the kingdom. Not such a good idea for a power user.
But it kind of makes sense: you are asking to change permissions on objects the user does not own.
Hmm, the only thing I see in there that may address this is: capability::admin_all_objects - but apparently that's like giving root access?