In most cases for students or for different training courses you need to grant admin role with read only rights. Splunk does not offer this role built-in so we will need to create our custom role.
We will create it with the following rights:
- Inherit rights from user role
- Inherit rights from power role
- In capabilities tab assing the following rights:
- accelerate_datamodel
- admin_all_objects
- change_authentication
- list_deployment_client
- list_deployment_server
- list_search_head_clustering
- edit_search_head_clustering
- get_diag
- license_tab
- list_forwarders
- list_httpauths
- rest_apps_management
- restart_splunkd
- run_debug_commands
With this steps done we are ready to assign this role to users.
3 Comments