Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the minimum capability for User to delete a native user

harshal_chakran
Builder
‎07-22-2019 08:07 AM

Hi all,
I have created a user which can delete splunk's native user using Rest API.

However, I want to provide the minimal capability to perform such action.

Currently the minimum roles I am able to provide is :

admin_all_objects
change_authentication
dispatch_rest_to_indexers
edit_roles
edit_user
rest_properties_get
rest_properties_set
schedule_rtsearch

If I add role- 'power' as inheritance, it performs the user removal action.
But I don't want to add 'power' as it also comes with other extra capabilities.

Please help...
Thanks in advance

0 Karma
Reply

lmethwani_splun
Splunk Employee
Splunk Employee
‎08-27-2019 05:27 AM

Hi Harshal,

The edit_user capability will have the ability to delete the user. You have already granted the capability so no need to add power role. You can control the access via grantable roles in authorize.conf

For example:
[role_test]
admin_all_objects = enabled
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
dispatch_rest_to_indexers = enabled
edit_roles = enabled
edit_user = enabled
grantableRoles = test;admin;power
rest_apps_view = enabled
rest_properties_get = enabled
rest_properties_set = enabled
srchMaxTime = 8640000

The user with test role will let me delete the user with test, admin and power role.
You can go through splunk doc for further details: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Rolesandcapabilities

Thanks,
Lavina

0 Karma
Reply
Get Updates on the Splunk Community!

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...