Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Readonly access to view access controls

saad_siddiqi
Path Finder
‎08-06-2013 07:48 PM

Hi,

The IT security guy here wants to review the splunk roles/users. I there any way by which I can give him access to Access Controls without giving the admin role.

Thanks

Tags (1)
0 Karma
Reply

jtacy
Builder
‎08-07-2013 08:13 PM

For a self-service solution, maybe giving him read access to Splunk on Splunk would work; its Configuration File Viewer feature is great and it would allow him to see config files for search peers as well.

However, it's not clear whether some of the scripts in S.o.S might expose some undesirable functions; maybe someone from Splunk can comment on how safe it is to present S.o.S to non-admin users. On my installs it defaulted to "Everyone" read/write; I later changed that, but hopefully it is safe by default.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-06-2013 10:28 PM

You could simply use "splunk cmd btool authorize.conf list" and give him the output of that, which will show the role definitions.

Reply
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...

Enterprise Security Content Update (ESCU) | New Releases

In March, the Splunk Threat Research Team had 2 releases of security content via the Enterprise Security ...

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!

The Splunk Developer Program is launching in beta, and we’re celebrating with an exciting hackathon! This is ...
li.common.scroll-to.top