For those who come to this page looking for an answer on how to avoid giving a user the admin_all_objects capability, if you only want the user to do a "splunk apply shcluster-bundle"...
We opened a case for this (1165853) and there is a solution:
You can build a custom role for this.
Step 1: Define a new capability and assign it to a role - via authorize.conf
[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled
Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf
[apps-deploy:apps-deploy]
capability.post=deployer_capability
This is working pretty fine for us and we can now have a technical user doing a "splunk apply shcluster-bundle" without having a technical user with admin privileges.