Splunk Enterprise

Splunk user role restriction

uagraw01
Motivator

Hello Splunker!!

Hope all is good.


I have created a new role in Splunk. I have added some users to that role. I need to restrict that role's users from seeing the "All Configuration" option in the settings. Please help me: what settings should I change to get my results?

uagraw01_0-1731410048060.png

 

What I have done so far, but nothing works for me.

[role_Splunk_engineer]
list_all_configurations = disabled
edit_configurations = disabled

Thanks in Advance.

0 Karma

sainag_splunk
Splunk Employee

@uagraw01 Please refer to this: https://docs.splunk.com/Documentation/Splunk/9.3.2/Admin/Authorizeconf

Based on what I see, the role might have inherited "admin_all_objects" from a different role. Also check the “edit_own_objects” and “list_all_objects” capabilities.

[capability::admin_all_objects]

* Lets a user access all objects in the system, such as user objects and
  knowledge objects.
* Lets a user bypass any Access Control List (ACL) restrictions, similar
  to the way root access in a *nix environment does.
* The Splunk platform checks this capability when accessing manager pages and objects.

 
Use this:

./splunk btool authorize list role_Splunk_engineer --debug

If this helps, please upvote.
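
As an added illustration of the inheritance check suggested in the reply above (not part of the original thread and not Splunk's own code), this Python sketch follows importRoles through authorize.conf-style text and reports which role contributes each enabled capability. The config text and the role names base_ops and team_lead are constructed, and counting only `= enabled` lines as grants is an assumption of the sketch.

```python
import configparser

# Constructed authorize.conf text. Only role_Splunk_engineer and its two
# "disabled" lines come from the thread; every other stanza is made up.
SAMPLE_CONF = """
[role_base_ops]
admin_all_objects = enabled

[role_team_lead]
importRoles = base_ops;user

[role_user]
search = enabled
rest_properties_get = enabled

[role_Splunk_engineer]
importRoles = team_lead
list_all_configurations = disabled
edit_configurations = disabled
"""

def load_roles(text):
    """Parse role stanzas into {role: (imported_roles, enabled_capabilities)}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case so "importRoles" is matched as written
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if not section.startswith("role_"):
            continue
        items = dict(cp[section])
        imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
        # Assumption: only "<capability> = enabled" lines count as grants.
        caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
        roles[section[len("role_"):]] = (imports, caps)
    return roles

def capability_sources(roles, role, seen=None):
    """Return {capability: granting role}, following importRoles recursively."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # guard against import loops
        return {}
    seen.add(role)
    imports, caps = roles[role]
    sources = {cap: role for cap in caps}
    for parent in imports:
        for cap, origin in capability_sources(roles, parent, seen).items():
            sources.setdefault(cap, origin)
    return sources
```

Calling `capability_sources(load_roles(SAMPLE_CONF), "Splunk_engineer")` on the constructed text shows admin_all_objects arriving from base_ops two imports away, even though the role's own stanza grants nothing.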

uagraw01
Motivator

@sainag_splunk I selected the options below; this made the settings hidden, but the search option became unavailable to the user?

uagraw01_0-1731478051077.png

I also want the two options below to be available to the user.

uagraw01_1-1731478191017.png

 

 

0 Karma

uagraw01
Motivator

Is it possible to also hide these two options from the settings in Splunk?

uagraw01_0-1731563077787.png

 

0 Karma

sainag_splunk
Splunk Employee

@uagraw01 That is by Splunk's default user role and is recommended as best practice. That works with rest_properties_get, but if you remove that, you will have different issues; I do not recommend that.

You have different ones which are not needed there, like Data inputs, Tokens, Server Settings; these should be handled by admin.

Typical Splunk user role native capabilities.

Screenshot 2024-11-14 at 10.37.30 AM.png








If this helps, please Upvote. 


0 Karma