How do I define a user role that is able to restar...

krwinters11 · ‎08-18-2015

I am trying to define a user role that is able to restart splunk, but is not a full admin.

Right now, the role inherits from power and user. I have also given it the capability of "restart_splunkd."

This is the error I get when I try to go to the server controls page under settings:

Fail: [HTTP 403] Client is not
authorized to perform requested
action;
https://127.0.0.1:8090/services/server/settings/settings

Details: None

Any suggests on what to add/remove from the role I am creating?
(I say remove because it is inheriting roles that (maybe) prohibit a restart)

jensonthottian · ‎08-18-2015

Add the below capabilities to custom role:

admin_all_objects Access and modify any object in the system (user objects, search jobs, etc.). (Overrides any limits set in the objects.)
Restart_splunkd Restart Splunk through the server control handler.

Even in inheritance of capabilities we dont have "can't capabilities".

Link for all capabilities :

http://docs.splunk.com/Documentation/Splunk/6.2.4/Security/Rolesandcapabilities

If still not working , can you check splunkd logs.

somesoni2 · ‎08-18-2015

As far as I know, you need "admin_all_object" capability to even see option for "Setting->System->Server Control". And if you add that , you're basically admin. Would be interested in knowing if there are any other options.

Any specific reason you want to give a user Restart but not make him/her admin?

How do I define a user role that is able to restart splunk, but is not a full admin?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!