Do new roles become grantable roles by default in Splunk?
I'm using Splunk 6.4.2.
I have created a delegated admin role with one user (say d_admin for instance). Here is its definition, as given by the splunk cli:
role: delegated_admin
capabilities: edit_roles_grantable edit_user rest_apps_view rest_properties_get
default app:
grantable_roles: dashboard_designer;dashboard_viewer
imported_capabilities:
imported_roles:
searchable_indexes:
default_index:
dashboard_designer and dashboard_viewer are nothing special, I just use them to define permissions on apps and dashboards.
Now, when I log into d_admin and create a new role (e.g. new_role), I can see and manage it just as if it was in the grantable_roles list, but it is not. I am not at liberty to test if that survives a cold reboot.
My question here is:
Is that an undocumented feature that I can rely on or is that some sort of bug that will bite me if I trust it?
Regards,
Kiran
Hi gk6565,
It really depends on which role(s) your new role inherits from.
Among the system built-in roles, only admin has the edit_roles_grantable Capability by default.
If you want to separate and delegate administration tasks between sys-admins and data admins without granting the full admin role, restrict grantable capabilities only to the level of sub-admins. After you add the edit_roles_grantable capability to the sub-admin role, the role can only create roles with a subset of the capabilities that the current user role has.
For example:
Add new role user_admin by inheriting from power and user, and assigning the following capabilities to the role:
Users in this role can only assign limited roles to users.
Hope it helps. Thanks!
Hunter
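Added example, not part of the original posts and not Splunk tooling: a small audit that reads authorize.conf stanzas, follows importRoles to find every role that ends up holding edit_roles_grantable, and lists which existing roles are missing from its own grantableRoles. The sample configuration is constructed from the role names in the thread; the import on new_role is an assumption, and only the grantableRoles set directly on a role is read.

```python
import configparser

# Constructed sample authorize.conf; role names follow the thread, new_role's import is assumed.
SAMPLE = """
[role_user]
search = enabled
[role_delegated_admin]
edit_roles_grantable = enabled
edit_user = enabled
grantableRoles = dashboard_designer;dashboard_viewer
[role_dashboard_designer]
importRoles = user
[role_dashboard_viewer]
importRoles = user
[role_new_role]
importRoles = delegated_admin
"""

def load_roles(text):
    """Parse [role_*] stanzas into imports, grantable roles and enabled capabilities."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of importRoles / grantableRoles
    cp.read_string(text)
    split = lambda v: {r.strip() for r in v.split(";") if r.strip()}
    return {s[5:]: {"imports": split(cp[s].get("importRoles", "")),
                    "grantable": split(cp[s].get("grantableRoles", "")),
                    "caps": {k for k, v in cp[s].items() if v.strip().lower() == "enabled"}}
            for s in cp.sections() if s.startswith("role_")}

def effective_caps(roles, name, seen=None):
    """Capabilities set on the role plus everything reached through importRoles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:  # guard against cycles and unknown roles
        return set()
    seen.add(name)
    caps = set(roles[name]["caps"])
    for parent in roles[name]["imports"]:
        caps |= effective_caps(roles, parent, seen)
    return caps

def audit(roles):
    """Report every role that can grant roles, directly or through inheritance."""
    report = {}
    for name, role in roles.items():
        if "edit_roles_grantable" in effective_caps(roles, name):
            report[name] = {"inherited": "edit_roles_grantable" not in role["caps"],
                            "grantable": sorted(role["grantable"]),
                            "unlisted": sorted(set(roles) - role["grantable"] - {name})}
    return report
```

Roles reported under "unlisted" are the ones to verify by hand against the behaviour described in the question; a role flagged "inherited" picked up the grant capability through importRoles rather than by direct assignment.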