You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
430 lines
13 KiB
430 lines
13 KiB
5 months ago
|
# Version 9.2.2.20240415
|
||
|
# DO NOT EDIT THIS FILE!
|
||
|
# Changes to default files will be lost on update and are difficult to
|
||
|
# manage and support.
|
||
|
#
|
||
|
# Please make any changes to system defaults by overriding them in
|
||
|
# apps or $SPLUNK_HOME/etc/system/local
|
||
|
# (See "Configuration file precedence" in the web documentation).
|
||
|
#
|
||
|
# To override a specific setting, copy the name of the stanza and
|
||
|
# setting to the file where you wish to override it.
|
||
|
#
|
||
|
# commented out capabilities that are registered by their own components.
|
||
|
# leaving here for educational purposes.
|
||
|
|
||
|
# This file creates roles and sets granular access controls.
|
||
|
|
||
|
# These stanzas list all the capabilities in the system
|
||
|
[capability::accelerate_datamodel]
|
||
|
[capability::admin_all_objects]
|
||
|
[capability::edit_own_objects]
|
||
|
[capability::edit_tokens_settings]
|
||
|
[capability::change_authentication]
|
||
|
[capability::change_audit]
|
||
|
[capability::change_own_password]
|
||
|
[capability::edit_storage_passwords]
|
||
|
[capability::list_storage_passwords]
|
||
|
[capability::delete_by_keyword]
|
||
|
[capability::edit_bookmarks_mc]
|
||
|
[capability::edit_deployment_client]
|
||
|
[capability::list_deployment_client]
|
||
|
[capability::edit_deployment_server]
|
||
|
[capability::list_deployment_server]
|
||
|
[capability::edit_cmd]
|
||
|
[capability::edit_upload_and_index]
|
||
|
[capability::edit_tcp_stream]
|
||
|
[capability::list_dist_peer]
|
||
|
[capability::edit_dist_peer]
|
||
|
[capability::edit_forwarders]
|
||
|
[capability::edit_indexerdiscovery]
|
||
|
[capability::edit_httpauths]
|
||
|
[capability::edit_indexer_cluster]
|
||
|
[capability::edit_input_defaults]
|
||
|
[capability::install_apps]
|
||
|
[capability::edit_local_apps]
|
||
|
[capability::edit_authentication_extensions]
|
||
|
[capability::edit_monitor]
|
||
|
[capability::edit_restmap]
|
||
|
[capability::edit_roles]
|
||
|
[capability::edit_roles_grantable]
|
||
|
[capability::edit_scripted]
|
||
|
[capability::edit_search_server]
|
||
|
[capability::edit_search_head_clustering]
|
||
|
[capability::edit_search_concurrency_all]
|
||
|
[capability::edit_search_concurrency_scheduled]
|
||
|
[capability::edit_search_scheduler]
|
||
|
[capability::edit_search_schedule_priority]
|
||
|
[capability::edit_search_schedule_window]
|
||
|
[capability::list_pipeline_sets]
|
||
|
[capability::list_search_scheduler]
|
||
|
[capability::list_introspection]
|
||
|
[capability::list_settings]
|
||
|
[capability::list_metrics_catalog]
|
||
|
[capability::edit_tokens_all]
|
||
|
[capability::edit_tokens_own]
|
||
|
[capability::list_tokens_own]
|
||
|
[capability::list_tokens_scs]
|
||
|
[capability::edit_server]
|
||
|
[capability::edit_user_seed]
|
||
|
[capability::edit_field_filter]
|
||
|
[capability::view_field_filter]
|
||
|
[capability::edit_sourcetypes]
|
||
|
[capability::edit_splunktcp]
|
||
|
[capability::edit_splunktcp_ssl]
|
||
|
[capability::edit_splunktcp_token]
|
||
|
[capability::edit_statsd_transforms]
|
||
|
[capability::edit_metric_schema]
|
||
|
[capability::edit_tcp]
|
||
|
[capability::edit_udp]
|
||
|
[capability::edit_telemetry_settings]
|
||
|
[capability::edit_user]
|
||
|
[capability::list_all_users]
|
||
|
[capability::list_all_roles]
|
||
|
[capability::edit_view_html]
|
||
|
[capability::edit_web_settings]
|
||
|
[capability::get_metadata]
|
||
|
[capability::get_typeahead]
|
||
|
[capability::get_diag]
|
||
|
[capability::indexes_edit]
|
||
|
[capability::input_file]
|
||
|
[capability::license_edit]
|
||
|
[capability::license_read]
|
||
|
[capability::license_tab]
|
||
|
[capability::license_view_warnings]
|
||
|
[capability::list_all_objects]
|
||
|
[capability::list_forwarders]
|
||
|
[capability::list_indexerdiscovery]
|
||
|
[capability::list_httpauths]
|
||
|
[capability::list_indexer_cluster]
|
||
|
[capability::list_inputs]
|
||
|
[capability::list_search_head_clustering]
|
||
|
[capability::output_file]
|
||
|
[capability::request_remote_tok]
|
||
|
[capability::rest_apps_management]
|
||
|
[capability::rest_apps_view]
|
||
|
[capability::rest_properties_get]
|
||
|
[capability::rest_properties_set]
|
||
|
[capability::restart_splunkd]
|
||
|
[capability::restart_reason]
|
||
|
[capability::rtsearch]
|
||
|
[capability::run_commands_ignoring_field_filter]
|
||
|
[capability::run_debug_commands]
|
||
|
[capability::run_walklex]
|
||
|
[capability::schedule_search]
|
||
|
[capability::metric_alerts]
|
||
|
[capability::schedule_rtsearch]
|
||
|
[capability::search]
|
||
|
[capability::accelerate_search]
|
||
|
[capability::list_accelerate_search]
|
||
|
[capability::embed_report]
|
||
|
[capability::pattern_detect]
|
||
|
[capability::list_token_http]
|
||
|
[capability::edit_token_http]
|
||
|
[capability::web_debug]
|
||
|
[capability::export_results_is_visible]
|
||
|
[capability::edit_server_crl]
|
||
|
[capability::search_process_config_refresh]
|
||
|
[capability::dispatch_rest_to_indexers]
|
||
|
[capability::refresh_application_licenses]
|
||
|
[capability::edit_encryption_key_provider]
|
||
|
[capability::never_lockout]
|
||
|
[capability::never_expire]
|
||
|
[capability::list_health]
|
||
|
[capability::list_health_subset]
|
||
|
[capability::edit_health]
|
||
|
[capability::edit_health_subset]
|
||
|
[capability::request_pstacks]
|
||
|
[capability::edit_watchdog]
|
||
|
[capability::list_workload_pools]
|
||
|
[capability::edit_workload_pools]
|
||
|
[capability::select_workload_pools]
|
||
|
[capability::list_workload_rules]
|
||
|
[capability::edit_workload_rules]
|
||
|
[capability::list_workload_policy]
|
||
|
[capability::edit_workload_policy]
|
||
|
[capability::run_collect]
|
||
|
[capability::run_mcollect]
|
||
|
[capability::list_tokens_all]
|
||
|
[capability::upload_lookup_files]
|
||
|
[capability::upload_mmdb_files]
|
||
|
[capability::create_external_lookup]
|
||
|
[capability::edit_external_lookup]
|
||
|
[capability::apps_restore]
|
||
|
[capability::apps_backup]
|
||
|
[capability::edit_metrics_rollup]
|
||
|
[capability::list_cascading_plans]
|
||
|
[capability::list_remote_output_queue]
|
||
|
[capability::list_remote_input_queue]
|
||
|
[capability::run_msearch]
|
||
|
[capability::delete_messages]
|
||
|
[capability::edit_log_alert_event]
|
||
|
[capability::edit_global_banner]
|
||
|
[capability::fsh_manage]
|
||
|
[capability::fsh_search]
|
||
|
[capability::edit_kvstore]
|
||
|
[capability::use_remote_proxy]
|
||
|
[capability::edit_manager_xml]
|
||
|
[capability::run_dump]
|
||
|
[capability::run_sendalert]
|
||
|
[capability::run_custom_command]
|
||
|
[capability::list_ingest_rulesets]
|
||
|
[capability::edit_ingest_rulesets]
|
||
|
[capability::capture_ingest_events]
|
||
|
[capability::merge_buckets]
|
||
|
[capability::read_internal_libraries_settings]
|
||
|
[capability::edit_web_features]
|
||
|
[capability::rest_access_server_endpoints]
|
||
|
[capability::edit_certificates]
|
||
|
[capability::list_certificates]
|
||
|
[capability::edit_spl2_permissions]
|
||
|
|
||
|
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[default]
|
||
|
# ==== Subsumed roles ====
|
||
|
# ==== Capabilities ====
|
||
|
schedule_rtsearch = enabled
|
||
|
run_collect = enabled
|
||
|
run_mcollect = enabled
|
||
|
edit_own_objects = enabled
|
||
|
list_all_objects = enabled
|
||
|
# ==== Other settings ====
|
||
|
srchDiskQuota = 100
|
||
|
srchJobsQuota = 3
|
||
|
rtSrchJobsQuota = 6
|
||
|
srchMaxTime = 100days
|
||
|
cumulativeSrchJobsQuota = 50
|
||
|
cumulativeRTSrchJobsQuota = 100
|
||
|
srchFilterSelecting = true
|
||
|
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[role_user]
|
||
|
# ==== Subsumed roles ====
|
||
|
# ==== Capabilities ====
|
||
|
change_own_password = enabled
|
||
|
edit_search_schedule_window = enabled
|
||
|
get_metadata = enabled
|
||
|
get_typeahead = enabled
|
||
|
input_file = enabled
|
||
|
list_inputs = enabled
|
||
|
output_file = enabled
|
||
|
upload_lookup_files = enabled
|
||
|
request_remote_tok = enabled
|
||
|
rest_apps_view = enabled
|
||
|
rest_properties_get = enabled
|
||
|
rest_properties_set = enabled
|
||
|
search = enabled
|
||
|
accelerate_search = enabled
|
||
|
list_accelerate_search = enabled
|
||
|
pattern_detect = enabled
|
||
|
list_metrics_catalog = enabled
|
||
|
list_tokens_own = enabled
|
||
|
export_results_is_visible = enabled
|
||
|
run_collect = enabled
|
||
|
run_mcollect = enabled
|
||
|
delete_messages = enabled
|
||
|
run_dump = enabled
|
||
|
run_sendalert = enabled
|
||
|
run_custom_command = enabled
|
||
|
rest_access_server_endpoints = enabled
|
||
|
# ==== Other settings ====
|
||
|
srchIndexesAllowed = *
|
||
|
srchIndexesDefault = main
|
||
|
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[role_can_delete]
|
||
|
# ==== Subsumed roles ====
|
||
|
# ==== Capabilities ====
|
||
|
delete_by_keyword = enabled
|
||
|
# ==== Other settings ====
|
||
|
cumulativeSrchJobsQuota = 0
|
||
|
cumulativeRTSrchJobsQuota = 0
|
||
|
deleteIndexesAllowed = *
|
||
|
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[role_power]
|
||
|
# ==== Subsumed roles ====
|
||
|
importRoles = user
|
||
|
# ==== Capabilities ====
|
||
|
schedule_search = enabled
|
||
|
metric_alerts = enabled
|
||
|
embed_report = enabled
|
||
|
rtsearch = enabled
|
||
|
edit_sourcetypes = enabled
|
||
|
edit_statsd_transforms = enabled
|
||
|
search_process_config_refresh = enabled
|
||
|
edit_log_alert_event = enabled
|
||
|
run_msearch = enabled
|
||
|
run_dump = enabled
|
||
|
run_sendalert = enabled
|
||
|
run_custom_command = enabled
|
||
|
rest_access_server_endpoints = enabled
|
||
|
view_field_filter = enabled
|
||
|
run_commands_ignoring_field_filter = enabled
|
||
|
# ==== Other settings ====
|
||
|
srchIndexesAllowed = *
|
||
|
srchIndexesDefault = main
|
||
|
srchDiskQuota = 500
|
||
|
srchJobsQuota = 10
|
||
|
rtSrchJobsQuota = 20
|
||
|
cumulativeSrchJobsQuota = 100
|
||
|
cumulativeRTSrchJobsQuota = 200
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[role_admin]
|
||
|
# ==== Subsumed roles ====
|
||
|
importRoles = power;user
|
||
|
# ==== Capabilities ====
|
||
|
accelerate_datamodel = enabled
|
||
|
admin_all_objects = enabled
|
||
|
edit_tokens_settings = enabled
|
||
|
change_authentication = enabled
|
||
|
change_audit = enabled
|
||
|
edit_bookmarks_mc = enabled
|
||
|
create_external_lookup = enabled
|
||
|
edit_external_lookup = enabled
|
||
|
edit_deployment_client = enabled
|
||
|
list_deployment_client = enabled
|
||
|
edit_deployment_server = enabled
|
||
|
list_deployment_server = enabled
|
||
|
list_search_head_clustering = enabled
|
||
|
dispatch_rest_to_indexers = enabled
|
||
|
edit_authentication_extensions = enabled
|
||
|
edit_cmd = enabled
|
||
|
edit_upload_and_index = enabled
|
||
|
edit_tcp_stream = enabled
|
||
|
list_dist_peer = enabled
|
||
|
edit_dist_peer = enabled
|
||
|
edit_field_filter = enabled
|
||
|
view_field_filter = enabled
|
||
|
edit_restmap = enabled
|
||
|
edit_forwarders = enabled
|
||
|
edit_indexerdiscovery = enabled
|
||
|
edit_httpauths = enabled
|
||
|
edit_indexer_cluster = enabled
|
||
|
edit_input_defaults = enabled
|
||
|
list_introspection = enabled
|
||
|
edit_local_apps = enabled
|
||
|
edit_monitor = enabled
|
||
|
edit_tokens_own = enabled
|
||
|
edit_roles = enabled
|
||
|
edit_scripted = enabled
|
||
|
edit_search_concurrency_all = enabled
|
||
|
edit_search_head_clustering = enabled
|
||
|
edit_search_server = enabled
|
||
|
edit_search_scheduler = enabled
|
||
|
edit_search_schedule_priority = enabled
|
||
|
edit_tokens_all = enabled
|
||
|
list_tokens_all = enabled
|
||
|
edit_certificates = enabled
|
||
|
list_certificates = enabled
|
||
|
edit_spl2_permissions = enabled
|
||
|
list_indexer_cluster = enabled
|
||
|
list_pipeline_sets = enabled
|
||
|
list_search_scheduler = enabled
|
||
|
list_settings = enabled
|
||
|
edit_server = enabled
|
||
|
edit_user_seed = enabled
|
||
|
edit_splunktcp = enabled
|
||
|
edit_splunktcp_ssl = enabled
|
||
|
edit_splunktcp_token = enabled
|
||
|
edit_tcp = enabled
|
||
|
edit_udp = enabled
|
||
|
edit_telemetry_settings = enabled
|
||
|
edit_user = enabled
|
||
|
edit_view_html = enabled
|
||
|
edit_web_settings = enabled
|
||
|
get_diag = enabled
|
||
|
indexes_edit = enabled
|
||
|
install_apps = enabled
|
||
|
license_edit = enabled
|
||
|
license_tab = enabled
|
||
|
license_view_warnings = enabled
|
||
|
refresh_application_licenses = enabled
|
||
|
list_forwarders = enabled
|
||
|
list_indexerdiscovery = enabled
|
||
|
list_httpauths = enabled
|
||
|
rest_apps_management = enabled
|
||
|
restart_splunkd = enabled
|
||
|
restart_reason = enabled
|
||
|
run_debug_commands = enabled
|
||
|
list_token_http = enabled
|
||
|
edit_token_http = enabled
|
||
|
web_debug = enabled
|
||
|
search_process_config_refresh = enabled
|
||
|
edit_server_crl = enabled
|
||
|
edit_storage_passwords = enabled
|
||
|
list_storage_passwords = enabled
|
||
|
edit_encryption_key_provider = enabled
|
||
|
never_lockout = enabled
|
||
|
never_expire = enabled
|
||
|
list_health = enabled
|
||
|
edit_health = enabled
|
||
|
apps_restore = enabled
|
||
|
apps_backup = enabled
|
||
|
fsh_manage = enabled
|
||
|
fsh_search = enabled
|
||
|
edit_workload_pools = enabled
|
||
|
list_workload_pools = enabled
|
||
|
select_workload_pools = enabled
|
||
|
edit_workload_rules = enabled
|
||
|
list_workload_rules = enabled
|
||
|
list_workload_policy = enabled
|
||
|
edit_workload_policy = enabled
|
||
|
edit_metric_schema = enabled
|
||
|
edit_metrics_rollup = enabled
|
||
|
list_cascading_plans = enabled
|
||
|
list_remote_output_queue = enabled
|
||
|
list_remote_input_queue = enabled
|
||
|
list_ingest_rulesets = enabled
|
||
|
edit_ingest_rulesets = enabled
|
||
|
capture_ingest_events = enabled
|
||
|
edit_log_alert_event = enabled
|
||
|
edit_global_banner = enabled
|
||
|
read_internal_libraries_settings = enabled
|
||
|
edit_web_features = enabled
|
||
|
edit_kvstore = enabled
|
||
|
upload_mmdb_files = enabled
|
||
|
use_remote_proxy = enabled
|
||
|
edit_manager_xml = enabled
|
||
|
merge_buckets = enabled
|
||
|
|
||
|
|
||
|
# ==== Other settings ====
|
||
|
srchIndexesAllowed = *;_*
|
||
|
srchIndexesDefault = main;os
|
||
|
srchFilter = *
|
||
|
srchTimeWin = 0
|
||
|
srchTimeEarliest = 0
|
||
|
srchDiskQuota = 10000
|
||
|
srchJobsQuota = 50
|
||
|
rtSrchJobsQuota = 100
|
||
|
cumulativeSrchJobsQuota = 200
|
||
|
cumulativeRTSrchJobsQuota = 400
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[role_splunk-system-role]
|
||
|
# ==== Subsumed roles ====
|
||
|
importRoles = admin
|
||
|
# ==== Capabilities ====
|
||
|
# ==== Other settings ====
|
||
|
|
||
|
|
||
|
################################################################
|
||
|
################################################################
|
||
|
[tokens_auth]
|
||
|
expiration = +30d
|
||
|
ephemeralExpiration = +1h
|
||
|
disabled = false
|