I have created a user which can delete Splunk's native users using the REST API.
However, I want to provide the minimal capability to perform such an action.
Currently the minimum roles I am able to provide is :
If I add the role 'power' as inheritance, it performs the user removal action.
But I don't want to add 'power' as it also comes with other extra capabilities.
Thanks in advance
The edit_user capability will have the ability to delete the user. You have already granted the capability, so there is no need to add the power role. You can control the access via grantable roles in authorize.conf:
[role_test]
admin_all_objects = enabled
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
dispatch_rest_to_indexers = enabled
edit_roles = enabled
edit_user = enabled
grantableRoles = test;admin;power
rest_apps_view = enabled
rest_properties_get = enabled
rest_properties_set = enabled
srchMaxTime = 8640000
The user with the test role will be able to delete users with the test, admin and power roles.
You can go through the Splunk docs for further details: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Rolesandcapabilities
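To make the least-privilege point of this thread concrete, here is an added example (not code from the thread or from Splunk) that audits role stanzas from a constructed authorize.conf: it resolves capabilities pulled in through importRoles, checks whether a role can delete a user holding a given role (edit_user plus that role in grantableRoles, as the answer describes), and lists the extra capabilities an inherited 'power' role would drag along. The capability sets in the sample are illustrative, not Splunk's real defaults.

```python
import configparser

# Constructed sample authorize.conf (illustrative capability sets, not Splunk defaults).
SAMPLE_CONF = """
[role_user]
search = enabled

[role_power]
importRoles = user
edit_user = enabled
schedule_search = enabled
rtsearch = enabled
grantableRoles = user

[role_test]
edit_user = enabled
grantableRoles = test;admin;power

[role_test_inherit]
importRoles = power
grantableRoles = test;admin;power
"""

def load_roles(text):
    """Return {role_name: {key: value}} for every [role_*] stanza."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (e.g. grantableRoles, srchMaxTime)
    cp.read_string(text)
    return {s[len("role_"):]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def effective_capabilities(roles, name, seen=None):
    """Capabilities enabled on a role, including those inherited via importRoles."""
    if seen is None:
        seen = set()
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    stanza = roles[name]
    caps = {k for k, v in stanza.items() if v == "enabled"}
    for parent in stanza.get("importRoles", "").split(";"):
        if parent.strip():
            caps |= effective_capabilities(roles, parent.strip(), seen)
    return caps

def can_delete_user(roles, actor, target_role):
    """edit_user is required, and the target's role must be listed in grantableRoles."""
    grantable = {r.strip() for r in roles.get(actor, {}).get("grantableRoles", "").split(";") if r.strip()}
    return "edit_user" in effective_capabilities(roles, actor) and target_role in grantable

def excess_capabilities(roles, name, needed):
    """Capabilities the role carries beyond the ones actually needed for the task."""
    return effective_capabilities(roles, name) - set(needed)
```

Running `excess_capabilities(roles, "test_inherit", ["edit_user"])` shows exactly the unwanted extras that inheriting 'power' brings, while the directly granted `test` role carries none.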