Security

Read-Only role/user

phpguy_80
Loves-to-Learn

How to make a read-only user/role? 

Try to make a new role, but it inherited capabilities from defaults roles. Any suggestions? 

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @phpguy_80,

it's easy, don't use inheritaton, give to your new user only the requested capabilities without using inheritation.

Ciao.

Giuseppe

0 Karma

phpguy_80
Loves-to-Learn

Oh okay, thought I had to select an existing role, I didn't realize I could just skip that part 🙂

So now, which capabilities should I select to allow for a read-only role? 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @phpguy_80,

in few words, Splunk don't permit to modify indexed data, so you have only to disable (or not enable) capabilities as knowledge objects creation or modify and log delete.

So you could start to enable:

  • change_own_password
  • rtsearch (only if user must be enabled to Real Time Searches)
  • search

I don't know what your Apps contain, so e.g. if you have a dashboard that lists Deployment Clients using a REST command, you have to enable a specific feature as "rest_properties_get".

As I said, remember to enable the correct Indexes.

Ciao.

Giuseppe

0 Karma

venkatasri
Influencer

Hi @phpguy_80 

under capabilities tab you can select 'search' for read only to selected indexes. 'schedule_search' if you wish allow the user  to schedule searches. Created role shall be assigned to user you wish to allow read permissions.

---

An upvote would be appreciated if this reply helps!

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @phpguy_80,

when you create a new role, skip the first tab (Inheritance) and go directly the the second one (Capabilities), enabling the ones you need.

Remember to enable Indexes otherwise this role will not see anything!

Ciao.

Giuseppe

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!