Solved: Re: What capabilities are needed to run sendemail ...

chrishartsock · ‎10-18-2017

Hello all,

Certain users in our environment seem to be able to run searches utilizing the "sendemail" command while others cannot. I am assuming this due to differing capabilities assigned to their roles. Does anyone know what capability(s) are required to run "sendemail"?

Thanks,
Chris

chrishartsock · ‎10-19-2017

I did some more digging and it appears that the affected users were getting the following error:
2017-10-18 15:57:21,405 -0400 ERROR sendemail:452 - 'rootCAPath' while sending mail to: xxxxxx@buttercupgames.com

This led me to this question:
https://answers.splunk.com/answers/528832/e-mail-alerts-stopped-working-since-66-upgrade-for.html

As specified, I added the 'list_settings' capability to the role and it fixed the issue.

View solution in original post

chrishartsock · ‎10-19-2017

I did some more digging and it appears that the affected users were getting the following error:
2017-10-18 15:57:21,405 -0400 ERROR sendemail:452 - 'rootCAPath' while sending mail to: xxxxxx@buttercupgames.com

This led me to this question:
https://answers.splunk.com/answers/528832/e-mail-alerts-stopped-working-since-66-upgrade-for.html

As specified, I added the 'list_settings' capability to the role and it fixed the issue.

kamaljagga · ‎09-10-2020

We had upgraded from 7.2.6 to 8.0.5 recently and Adding the role list_Settings didn't work. Kindly advise.

hardikJsheth · ‎10-18-2017

To run |sendmail command you need "search" capability.

chrishartsock · ‎10-18-2017

Okay. Is that the only capability that is needed? If that is the case, then capabilities are not our issue.

What capabilities are needed to run sendemail command?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases