Capability to assign to user role to view and add ...

apro · ‎06-21-2010

Hi,

What is the capability to assign to a user role so that it is able to access and configure data inputs via "Manager > Data Inputs" ?

"list_inputs" is already in and I've also tried to include "edit_tcp", "edit_udp", "edit_monitor" but the user account is still unable to access data inputs..

Stephen_Sorkin · ‎08-17-2010

These pages are controlled by access control lists on manager objects rather than capabilities on the underlying splunk functionality. We're slowly moving splunkd from a capabilities-based model to an ACL model to better support granular control of various system and user objects.

To make these visible, edit $SPLUNK_HOME/etc/apps/search/metadata/local.meta and add additional roles to the read attributes of the following stanzas:

[manager/datainputstats]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_monitor]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_script]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_tcp_cooked]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_tcp_raw]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_udp]
access = read : [ admin ], write : [ admin ]

cmahan · ‎09-10-2015

Is this still valid? I have no [manager/data...... in that file at all. I do see the individual inputs that I would like my restricted user to have access to.. In my case they are website availability check (web_ping) inputs. I want certain users to be able to add or remove these checks. Can't find a particular capability to add to give view of the checks and ability to edit and do not see corresponding entries to what this article suggests 5 years ago...

tpsplunk · ‎08-09-2012

with some help form splunk support this is now working. I had to do two things- one was make the changes to local.meta as explained by Stephen. It did need to go in the 'search' app. The second was to add the line "edit_monitor = enabled" under the appropriate role stanza in my local/authorize.conf file. after a restart of splunk the users in the edited role were able to use the add data app/button.

tpsplunk · ‎08-01-2012

this did not work for me. I did it a little different- i am using searchead pooling and have a 'searchhead' app that is managed by my deployment server so i edited my searchhead/metadata/local.meta file and distrubuted it. once it showed up on my searchhead i restarted it and had the user try again- no luck. the user in question has a power user role so in each of the stanza's above I changed the access line to be: access = read : [ admin, power ], write : [ admin, power]

tpsplunk · ‎08-01-2012

Hi stephen,
is this still a valid answer for splunk 4.3? or have further improvements been made?

I will test them in my local.meta file and report back

apro · ‎06-22-2010

Have tried restarting splunk services but still the same..

nope..no specific error as well...

jrodman · ‎06-21-2010

I don't know.

Have you restarted and/or reloaded auth? Those sound sufficient, but not sure. Do you get a specific error? This might be better as a support inquiry, if you don't get a quick answer here.

Capability to assign to user role to view and add data inputs

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio