Splunk Cloud Platform

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Release Notes and Updates Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Release Notes and Updates Supported Add-ons

Splunk Cloud Platform

Splunk Cloud Platform Contents

Get Started

Administer

Manage Users and Security

10.1.2507

Manage Splunk platform users and roles

Search

Manage Knowledge Objects

Leverage REST APIs

Release Notes

Analytics and Insights

Create Dashboards and Reports

Alert and Respond

Apply Machine Learning

Data Sources

Get Data In

Ingest Data from Cloud Services

Forward and Process Data

Process Data at the Edge

Process Data at Ingest Time

Collect Stream Data

Connect Relational Databases

Common Information Model

InfoSec App for Splunk

Splunk Edge Hub OS

Splunk OT Intelligence

Splunk Edge Hub Mobile App

Splunk Mobile for Android

Splunk Mobile for iOS

REST API Reference

SPL Search Reference

Splunk Validated Architectures

Developing Views and Apps for Splunk Web

MCP Server for Splunk Platform

Remove authorization policies in Splunk Web

When you remove an authorization policy from a capability, you restore that capability to its former scope.

To remove authorization policies for a capability on the Splunk platform, you must run a version of the Splunk platform that supports the editing and removal of authorization policies. You must also hold a role that contains the edit_policies capability.

After you delete an authorization policy, you must re-create it and perform the proper role and capability mappings for it to function again.

Log into your Splunk platform instance as an administrator user or equivalent.
From the system bar, select Settings > Policy Management. The Policy Management page loads.
In the Policy Management page, select the button with three vertical dots in the row for the policy that you want to change. In the menu that pops up, select Delete. Splunk Web immediately deletes the policy.
CAUTION: Be careful when deleting policies, as you cannot undo this action.

After you delete an authorization policy, any mappings that include the policy are no longer valid, and the capabilities that the policy modified are restored to their former scope. To limit the scope of the affected capabilities again, you must create new authorization policies.

Last updated: October 22, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

AppDynamics On-Premises

AppDynamics SAP Agent

Release Notes and Updates

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.