I need to create a read-only role for admins. We have users with a business case to see all of the settings admins touch, but we don't want these users to have the ability to change anything.
Is this possible? If so, how?
The way to handle this would be to create a new role which has all the list, get and search capabilities. Assign this role to the users.
Details on the capabilities and what they do are here - https://docs.splunk.com/Documentation/Splunk/7.2.1/Security/Rolesandcapabilities
Please upvote if this helps.
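
One way to build the role the answer describes, as an added example that is not part of the original thread or Splunk's own tooling: it filters a capability list down to the `list_*`, `get_*` and `search` names and prints an `authorize.conf` stanza. The capability list is a constructed sample, the role name `admin_readonly` is hypothetical, and `list_storage_passwords` is held back by default because it permits reads of the stored-passwords endpoint.

```python
import re

# Constructed sample: capability names as they might be copied from the
# admin role. Not a complete list for any Splunk version.
SAMPLE_CAPABILITIES = """
admin_all_objects
edit_forwarders
edit_roles
edit_user
get_metadata
list_forwarders
list_inputs
list_settings
list_storage_passwords
restart_splunkd
search
"""

# Read-style names the answer points to: list_*, get_* and search.
READ_ONLY = re.compile(r"^(list_\w+|get_\w+|search)$")
# Read capabilities that still expose secrets; held back unless opted in.
SENSITIVE_READS = {"list_storage_passwords"}


def select_read_only(names, allow_sensitive=False):
    """Return (picked, held_back) capability names, both sorted."""
    picked, held_back = [], []
    for name in sorted({n.strip() for n in names if n.strip()}):
        if not READ_ONLY.match(name):
            continue  # edit_*, admin_all_objects, restart_* and so on
        if name in SENSITIVE_READS and not allow_sensitive:
            held_back.append(name)
        else:
            picked.append(name)
    return picked, held_back


def render_stanza(role, capabilities):
    """Render an authorize.conf role stanza (conservative name check)."""
    if not re.fullmatch(r"[a-z0-9_]+", role):
        raise ValueError("use a lowercase role name")
    lines = [f"[role_{role}]"] + [f"{cap} = enabled" for cap in capabilities]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    caps, held_back = select_read_only(SAMPLE_CAPABILITIES.splitlines())
    print(render_stanza("admin_readonly", caps))
    print("# held back for review:", ", ".join(held_back))
```

Review the held-back names and the generated stanza before placing it in `authorize.conf`, and do not let the new role inherit from `admin`, since inherited capabilities would bring the edit rights back.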