Security

Power user permission to change ownership of objects.

Communicator

I'd like to grant my Power users access to change eventtypes, savedsearches, etc. from private to app-specific/global. It seems that that is only granted to admins?

Tags (1)

Splunk Employee
Splunk Employee

The ability to share objects into an app is controlled by the permissions on the app container.

To allow power users to share eventtypes (for example) into a particular app:

  • Go to Manager > Apps
  • Click on the Permissions link in the Sharing column of the desired app
  • Grant the power role write access to the app

Path Finder

thank you for the response.. so do I need to click on each object and then edit the role permission or is there a way I can edit the permission for all the objects at a single go (like if I wanted to edit and give power role for all the 50 + objects)

0 Karma

Splunk Employee
Splunk Employee

do I need to click on each object and then edit the role permission or is there a way I can edit the permission for all the objects at a single go (like if I wanted to edit and give power role for all the 50 + objects)

In my opinion, the most effective way to edit the permissions of a large number of objects, in bulk, is to use some shell/Python scripting plus Splunk's REST API.

See "Example 2" here: http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTUM/RESTusing#Access_Control_List

Also: https://answers.splunk.com/answering/7788/view.html

0 Karma

Champion

Also, once you set the permissions at the app-level to allow Power role write access to the app, all new objects will auto-inherit this setting when you share them. As in, once you click on "Share in app", you'll see the Power role checked for write access.

For existing objects, yes, you'll have to manually update the permissions.

0 Karma

Path Finder

hi, .though I edited the access permissions of the app to "power " however when I looked into the permission of the objects in the app they still donot have power user read/write... do I need to explicitly check the option in the objects as well ?

0 Karma

Splunk Employee
Splunk Employee

Note: the original question here pertains to the ability to share objects to an app, i.e. move them from private to shared.

The read/write permission on an individual object are a related-but-different matter. That being said ...

though I edited the access permissions of the app to "power " however when I looked into the permission of the objects in the app they still donot have power user read/write... do I need to explicitly check the option in the objects as well ?

Objects within an app only inherit the app-level permission if they lack an explicit permission themselves. This is commonly the case for objects that ship with an app by default.

Objects created via UI, CLI, or REST API typically have explicit permissions. In this case, you must grant write permission on the objects themselves, to make them editable by the desired roles.

0 Karma

Contributor

You might want take a look at documentation for the authorize.conf

( http://www.splunk.com/base/Documentation/latest/Admin/Authorizeconf ).

This document describes the capabilities assigned to the roles.

0 Karma

Contributor

Yea, I just noticed that as well. It looks like that capability gives the user the keys to the kingdom.Not such a good idea for a power user.
But it kind of make sense , you are asking to changing permissions on objects the user does not own.

Communicator

Hmm, the only thing I see in there that may address this is: capability::adminallobjects - but apparently that's like giving root access?