Do new roles become grantable roles by default in Splunk?
I'm using Splunk 6.4.2.
I have created a delegated admin role with one user (say d_admin for instance). Here is its definition, as given by the Splunk CLI:
role: delegated_admin
capabilities: edit_roles_grantable edit_user rest_apps_view rest_properties_get
default app:
grantable_roles: dashboard_designer;dashboard_viewer
imported_capabilities:
imported_roles:
searchable_indexes:
default_index:
dashboard_designer and dashboard_viewer are nothing special, I just use them to define permissions on apps and dashboards.
Now, when I log into d_admin and create a new role (e.g. new_role), I can see and manage it just as if it was in the grantable_roles list, but it is not. I am not at liberty to test if that survives a cold reboot.
My question here is:
Is that an undocumented feature that I can rely on or is that some sort of bug that will bite me if I trust it?
Regards,
Kiran
Hi gk6565,
It really depends on which role(s) your new role inherits from.
Among the system built-in roles, only admin has the edit_roles_grantable capability by default.
If you want to separate and delegate administration tasks between sys-admins and data admins without granting the full admin role, restrict grantable capabilities only to the level of sub-admins. After you add the edit_roles_grantable capability to the sub-admin role, the role can only create roles with a subset of the capabilities that the current user role has.
For example:
Add a new role user_admin by inheriting from power and user, and assigning the following capabilities to the role:
- edit_roles_grantable
- edit_user
Users in this role can only assign limited roles to users.
Hope it helps. Thanks!
Hunter
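
One way to check what is actually configured for a delegated role, as an added example that is not from either poster or from Splunk: the script parses `authorize.conf`-style text and, for every role that holds edit_roles_grantable (directly or through importRoles), lists the defined roles missing from its grantableRoles. The sample configuration is constructed from the role names in the question, and the function names are hypothetical.

```python
import configparser
# Constructed sample mirroring the roles named in the question (not real output).
SAMPLE_CONF = """
[role_delegated_admin]
edit_roles_grantable = enabled
edit_user = enabled
rest_apps_view = enabled
rest_properties_get = enabled
grantableRoles = dashboard_designer;dashboard_viewer
[role_dashboard_designer]
importRoles = dashboard_viewer
[role_dashboard_viewer]
[role_new_role]
"""

def load_roles(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # preserve case of importRoles / grantableRoles
    cp.read_string(text)
    roles = {}
    for section in (s for s in cp.sections() if s.startswith("role_")):
        opts = cp[section]
        split = lambda key: {r.strip() for r in opts.get(key, "").split(";") if r.strip()}
        roles[section[len("role_"):]] = {
            "caps": {k for k, v in opts.items() if v.strip().lower() == "enabled"},
            "imports": split("importRoles"),
            "grantable": split("grantableRoles"),
        }
    return roles

def effective_caps(roles, name, seen=None):
    """Capabilities of a role including those inherited through importRoles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    caps = set(roles[name]["caps"])
    for parent in roles[name]["imports"]:
        caps |= effective_caps(roles, parent, seen)
    return caps

def audit_delegates(roles):
    """For each role holding edit_roles_grantable, list roles absent from its grantableRoles."""
    return {name: sorted(set(roles) - role["grantable"] - {name})
            for name, role in roles.items()
            if "edit_roles_grantable" in effective_caps(roles, name)}

if __name__ == "__main__":
    print(audit_delegates(load_roles(SAMPLE_CONF)))
```

Running it against the merged configuration before and after a restart shows whether a newly created role was ever written into the delegate's grantableRoles.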
