Splunk Enterprise

Splunk user role restriction

uagraw01
Motivator

Hello Splunker!!

Hope all is good.


I have created a new role in Splunk. I have added some users to that role. I need to restrict the users in that role so that they are not able to see the "All Configuration" option in the settings. Please help me, what settings should I change to get my results?


What I have done so far, but nothing works for me:

[role_Splunk_engineer]
list_all_configurations = disabled
edit_configurations = disabled

Thanks in Advance.


sainag_splunk
Splunk Employee

@uagraw01 Please refer to this: https://docs.splunk.com/Documentation/Splunk/9.3.2/Admin/Authorizeconf

Based on what I see, the role might have inherited "admin_all_objects" from a different role. Also check the "edit_own_objects" and "list_all_objects" capabilities.

[capability::admin_all_objects]

* Lets a user access all objects in the system, such as user objects and
  knowledge objects.
* Lets a user bypass any Access Control List (ACL) restrictions, similar
  to the way root access in a *nix environment does.
* the Splunk platform checks this capability when accessing manager pages and objects.

 
Use this:

./splunk btool authorize list role_Splunk_engineer --debug

If this helps, please upvote.
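
The inheritance check suggested in the reply above, as an added example that is not part of the original posts and is not Splunk code: it parses authorize.conf-style role stanzas and reports which capabilities a role receives only through importRoles, and from which role. The sample configuration is constructed and the "ops_team" role is hypothetical; the script only traces where a capability is enabled and does not model how Splunk resolves a "disabled" setting against an inherited one, so btool output remains the reference.

```python
import configparser

# Constructed sample, not from the thread. "ops_team" is a hypothetical role.
SAMPLE_CONF = """
[role_user]
rest_properties_get = enabled
edit_own_objects = enabled

[role_ops_team]
importRoles = user
admin_all_objects = enabled
list_all_objects = enabled

[role_Splunk_engineer]
importRoles = ops_team
list_all_configurations = disabled
edit_configurations = disabled
"""

def load_roles(text):
    """Parse [role_<name>] stanzas into {name: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case, e.g. importRoles
    cp.read_string(text)
    return {s[5:]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def capability_sources(roles, role, seen=None):
    """Map each enabled capability to the roles (own or imported) that enable it."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # stop on cycles and unknown roles
        return {}
    seen.add(role)
    sources = {}
    for key, value in roles[role].items():
        if key == "importRoles":
            for parent in filter(None, (p.strip() for p in value.split(";"))):
                for cap, src in capability_sources(roles, parent, seen).items():
                    sources.setdefault(cap, []).extend(src)
        elif value.strip().lower() == "enabled":
            sources.setdefault(key, []).append(role)
    return sources

def inherited_only(roles, role):
    """Capabilities the role gets only through importRoles, with their origin."""
    return {cap: src for cap, src in capability_sources(roles, role).items()
            if role not in src}

if __name__ == "__main__":
    for cap, src in sorted(inherited_only(load_roles(SAMPLE_CONF), "Splunk_engineer").items()):
        print(f"{cap:24} inherited from {', '.join(src)}")
```
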

uagraw01
Motivator

@sainag_splunk I selected the options below. This made the settings hidden, but the search option became unavailable to the user?


I also want the two options below to be available to the user.


uagraw01
Motivator

Is it possible to also hide these two options from the settings in Splunk?


sainag_splunk
Splunk Employee

@uagraw01 That is by Splunk's default user role and is recommended as best practice. That works with rest_properties_get, but if you remove that, you will have different issues; I do not recommend that.

You have different ones which are not needed there, like Data inputs, Tokens, and Server Settings; these should be handled by an admin.

Typical Splunk user role native capabilities.


If this helps, please Upvote. 

