I am trying to define a user role that is able to restart splunk, but is not a full admin.
Right now, the role inherits from power and user. I have also given it the capability of "restart_splunkd."
This is the error I get when I try to go to the server controls page under settings:
Fail: [HTTP 403] Client is not
authorized to perform requested
action;
https://127.0.0.1:8090/services/server/settings/settingsDetails: None
Any suggests on what to add/remove from the role I am creating?
(I say remove because it is inheriting roles that (maybe) prohibit a restart)
Add the below capabilities to custom role:
Even in inheritance of capabilities we dont have "can't capabilities".
Link for all capabilities :
http://docs.splunk.com/Documentation/Splunk/6.2.4/Security/Rolesandcapabilities
If still not working , can you check splunkd logs.
As far as I know, you need "admin_all_object" capability to even see option for "Setting->System->Server Control". And if you add that , you're basically admin. Would be interested in knowing if there are any other options.
Any specific reason you want to give a user Restart but not make him/her admin?