Security

How can users without read permission on the Search App change their password?

marco_sulla
Path Finder

I disabled the read permission on the search app for a particular role. The problem is that users with that role can't change their password; in Edit Account you can see nothing.

How can I disable the search app and continue to allow users with that role to change their settings?

0 Karma
1 Solution

Yasaswy
Contributor

Hi,
The UIs for user password changes are by default stored within the "search" app. So when you remove the read access to this app there is no way to render the UI for that user. Try copying the XML from the default search app, usually:
$SPLUNK_HOME/search/default/data/ui/manager/authentication_change_user_password.xml to the default app set for the specific user role. Use the same path ... create the "manager" dir if necessary.

Also assuming that your user role has the change_own_password capability set... as it seems like it was working before. Hopefully this should fix the issue for you.

marco_sulla
Path Finder

It doesn't work. It seems Splunk uses only the page located under the search app, it doesn't search for "alternatives".

0 Karma

Yasaswy
Contributor

I just did a quick test and it did work on my side. Notice that when you set a default app for the role the URL automatically changes for that app. E.g.:
http://ursplunk/en-US/manager/**search**/authentication/changepassword/admin?action=edit
vs
http://ursplunk/en-US/manager/**launcher**/authentication/changepassword/test?action=edit

This is what I did if it can help:

  1. Created a new role "testr"
  2. Made this role have no read access to any apps except the "launcher"
  3. Gave this role the exact same capabilities as the "user" role (did not inherit the role but explicitly selected the capabilities)
  4. Copied the XML file
    cd $SPLUNK_HOME/etc/apps/launcher/default/data/ui/
    mkdir manager
    cd manager
    cp -v $SPLUNK_HOME/etc/apps/search/default/data/ui/manager/authentication_change_user_password.xml .

  5. Added a user "test" and assigned the role "testr"

  6. Made sure "launcher" was set as his default app.

  7. Restarted Splunk: $SPLUNK_HOME/bin/splunk restart

  8. Logged in as the test user and tried "Edit Account"; was successfully presented the option to change.

marco_sulla
Path Finder

You're right, I forgot to change the default app. And since I'm on Linux I could create a soft link to authentication_change_user_password.xml.
Alternatively I could also add the link to all the apps the role can use and see, as well as the launcher one.
I think that if I have time I'll create a custom "Edit Account" page using the Python SDK, since the app is a Django app and we added custom user preferences.

0 Karma
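
The copy from step 4 and the soft-link alternative mentioned in the reply, as an added shell example that is not code from the thread: it places the view in each app a role can read and reports whether each copy still matches the search app's file. The function names, the "myapp" app name and the placeholder XML content are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths follow step 4 above; function
# names and the ok/stale/missing states are this example's own.
VIEW=authentication_change_user_password.xml
REL=default/data/ui/manager   # same relative path as in the search app

# install_pw_view SPLUNK_HOME copy|link APP...
install_pw_view() {
    home=$1; mode=$2; shift 2
    src="$home/etc/apps/search/$REL/$VIEW"
    case $mode in copy|link) ;; *) echo "bad mode: $mode" >&2; return 2 ;; esac
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 1; }
    for app in "$@"; do
        dir="$home/etc/apps/$app/$REL"
        mkdir -p "$dir" && rm -f "$dir/$VIEW" || return 1
        if [ "$mode" = link ]; then ln -s "$src" "$dir/$VIEW"
        else cp -p "$src" "$dir/$VIEW"; fi || return 1
    done
}

# check_pw_view SPLUNK_HOME APP  -> prints ok, stale or missing.
# A copy goes stale when the search app's file later changes; a link cannot.
check_pw_view() {
    src="$1/etc/apps/search/$REL/$VIEW"
    dst="$1/etc/apps/$2/$REL/$VIEW"
    if [ ! -e "$dst" ]; then echo missing
    elif cmp -s "$src" "$dst"; then echo ok
    else echo stale; fi
}

# Demo on a constructed tree with placeholder content (no real Splunk needed).
demo() {
    h=$(mktemp -d) && mkdir -p "$h/etc/apps/search/$REL" || return 1
    echo '<placeholder rev="1"/>' > "$h/etc/apps/search/$REL/$VIEW"
    install_pw_view "$h" copy launcher && install_pw_view "$h" link myapp
    echo '<placeholder rev="2"/>' > "$h/etc/apps/search/$REL/$VIEW"  # file changes
    echo "launcher=$(check_pw_view "$h" launcher) myapp=$(check_pw_view "$h" myapp)" \
         "other=$(check_pw_view "$h" other)"
    rm -rf "$h"
}
demo
```

Running check_pw_view for each app the role can read shows which copies need refreshing after the search app's file changes.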

ndsouza25
New Member

Thank you! Ran into this problem today while trying to restrict permissions for users to only have access to my app, but also have the ability to change their password. This worked great!

0 Karma