Security

What are the capabilities required for a role/user to apply shcluster-bundle from deployer server?

manjunathmeti
Champion

We need to create a role on the deployer server to create the users, since admin access is blocked. What capabilities does a role need to apply shcluster-bundle from the deployer server using the command below?

/splunkdrive/splunk/bin/splunk apply shcluster-bundle --answer-yes -auth <user>:<user_pwd> -target https://<SEARCH_HEAD_IP>:8089
0 Karma

manjunathmeti
Champion

I've added all the capabilities to the user except admin_all_objects, and the below error was coming.
insufficient permission to access this resource

Looks like admin_all_objects is required for applying shcluster-bundle from deployer server.


0 Karma

goelli
Communicator

We opened a case for this (1165853) and there is a solution:
You can build a custom role to not need a user to have admin_all_objects capability.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a technical user doing a "splunk apply shcluster-bundle" without having a technical user with admin privileges.

0 Karma
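A check for the two-file setup described in the reply above, as an added example that is not code from the poster or from Splunk: it parses authorize.conf and restmap.conf text and reports when the custom capability is undeclared, not mapped to the endpoint's `capability.post`, held by no role, or held by a role that still ends up with admin_all_objects. The function names are hypothetical, and the inheritance check assumes roles are chained with authorize.conf's semicolon-separated `importRoles` setting.

```python
import configparser

# Constructed sample input: the two snippets from the post above.
AUTHORIZE = "[capability::deployer_capability]\n[role_deployer]\ndeployer_capability = enabled\n"
RESTMAP = "[apps-deploy:apps-deploy]\ncapability.post=deployer_capability\n"

def load_conf(text):
    """Parse Splunk .conf text (INI-like; stanzas may be empty)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep key case, e.g. importRoles
    cp.read_string(text)
    return cp

def effective_caps(authorize, role, seen=None):
    """Capabilities enabled on a role, including those inherited via importRoles."""
    seen = set() if seen is None else seen
    if role in seen or not authorize.has_section(f"role_{role}"):
        return set()
    seen.add(role)
    caps = set()
    for key, value in authorize.items(f"role_{role}"):
        if key == "importRoles":
            for parent in value.split(";"):
                caps |= effective_caps(authorize, parent.strip(), seen)
        elif value.strip().lower() == "enabled":
            caps.add(key)
    return caps

def audit(authorize_text, restmap_text, cap="deployer_capability",
          endpoint="apps-deploy:apps-deploy"):
    """Return a list of findings; an empty list means the delegation is scoped as intended."""
    authorize, restmap = load_conf(authorize_text), load_conf(restmap_text)
    findings = []
    if not authorize.has_section(f"capability::{cap}"):
        findings.append(f"{cap} is not declared in authorize.conf")
    if restmap.get(endpoint, "capability.post", fallback=None) != cap:
        findings.append(f"[{endpoint}] capability.post is not {cap}")
    holders = [s[5:] for s in authorize.sections() if s.startswith("role_")
               and cap in effective_caps(authorize, s[5:])]
    if not holders:
        findings.append(f"no role has {cap} enabled")
    for role in holders:
        if "admin_all_objects" in effective_caps(authorize, role):
            findings.append(f"role {role} also holds admin_all_objects")
    return findings

if __name__ == "__main__":
    print(audit(AUTHORIZE, RESTMAP))
```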


inventsekar
SplunkTrust

Maybe check these:
http://docs.splunk.com/Documentation/Splunk/6.1.7/Admin/authorizeconf

[capability::edit_deployment_client]
* Self explanatory. The deployment client admin endpoint requires this cap for edit.

[capability::list_deployment_client]
* Self explanatory.

[capability::edit_deployment_server]
* Self explanatory. The deployment server admin endpoint requires this cap for edit.

[capability::list_deployment_server]
* Self explanatory.
0 Karma

manjunathmeti
Champion

I added these capabilities and checked, but it's not working. I get the below error:
insufficient permission to access this resource

I've also added all the capabilities to the user except admin_all_objects, still getting the same error. Looks like admin_all_objects is required for applying shcluster-bundle from deployer server. But providing admin_all_objects to a user is like making that user an admin.

0 Karma