I have Splunk 8.0.5:
I am logged into the UI of the search head and have the admin role but I cannot do any of the following:
So on the cluster master we are no t using LDAP for auth but just Splunk accounts and the account i have as the power role. I still cannot see the licensing dashboards.
What level of role/capability to I need (as a minimum) to see this info dash board or is there a read-only type role I could create or use to delegate this capability?
Hi @shocko , the power use role has a lot of privileges. My suggestion is to create a custom user role with only _internal index enabled and assign to the group of users you need to. Or you can only add _internal index to the default user role, but it will be granted to all users to search _internal index, be carefully if you decide to use this option since we avoid to grant access to _internal index to regular users.
To customise your role, please check this document : https://docs.splunk.com/Documentation/Splunk/8.1.0/Security/Rolesandcapabilities
Hi @shocko ,
it is not required to setup the Ldap into your cluster environment, you can continue using the current authentication method.
answering your questions:
For both cases, I would recommend to keep those capabilities assigned to admin user, because the admin users should have the required knowledge to handle the configuration/administration tasks.
if you really want to take the risk and have both capabilities assigned to your role, I recommend to create a new role at a sandbox/dev environment with those capabilities enabled and assign this role to your user only for you to run your tests. If it worked as expected, so replicate to the production environment.
For further information about the roles and capabilities assigned by default to each user, check the link below
I hope my answer can help you, if so, please accept this answer.
Thanks @ivanreis for taking time to reply. I do agree that its important to keep the cluster admin role assigned to true admins but that said, a common request from teams is to allow them to see how much License their apps are consuming as this is dynamic based on event logging etc.
Now is more clear about what you want to achieve. My suggestion is :
- create a new power user role and add _internal index to be searchable on this role. Splunk _internal index provide license information.
- create a dashboard to get the license data from _internal or check this app to see if does fit to your needs https://splunkbase.splunk.com/app/3178/
I hope this help you solve your need.