Hi all,
I have created a user which can delete splunk's native user using Rest API.
However, I want to provide the minimal capability to perform such action.
Currently the minimum roles I am able to provide is :
admin_all_objects
change_authentication
dispatch_rest_to_indexers
edit_roles
edit_user
rest_properties_get
rest_properties_set
schedule_rtsearch
If I add role- 'power' as inheritance, it performs the user removal action.
But I don't want to add 'power' as it also comes with other extra capabilities.
Please help...
Thanks in advance
Hi Harshal,
The edit_user capability will have the ability to delete the user. You have already granted the capability so no need to add power role. You can control the access via grantable roles in authorize.conf
For example:
[role_test]
admin_all_objects = enabled
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
dispatch_rest_to_indexers = enabled
edit_roles = enabled
edit_user = enabled
grantableRoles = test;admin;power
rest_apps_view = enabled
rest_properties_get = enabled
rest_properties_set = enabled
srchMaxTime = 8640000
The user with test role will let me delete the user with test, admin and power role.
You can go through splunk doc for further details: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Rolesandcapabilities
Thanks,
Lavina