https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459940#M10719 <P>We've got a special role for non-admin security team members and I'd like some of them to be able to use Forwarder Management (in the Settings menu) to add new clients to a Server Class. I can't figure out what the required Capabilities are that need to be added to their role.</P> Fri, 02 Nov 2018 23:10:51 GMT wrangler2x 2018-11-02T23:10:51Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459940#M10719 <P>We've got a special role for non-admin security team members and I'd like some of them to be able to use Forwarder Management (in the Settings menu) to add new clients to a Server Class. I can't figure out what the required Capabilities are that need to be added to their role.</P> Fri, 02 Nov 2018 23:10:51 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459940#M10719 wrangler2x 2018-11-02T23:10:51Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459941#M10720 <P>I personally never gave that capability to anyone. But you could try edit_deployment_client, edit_deployment_server, list_deployment_server capabilities.</P> Tue, 29 Sep 2020 21:56:54 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459941#M10720 Rob2520 2020-09-29T21:56:54Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459942#M10721 <P>In order to edit the Server Classes you need to have <STRONG>edit_deployment_server</STRONG> turned on. This allows creating/editing Server Classes, adding an app to the Server Class, and editing the client list. I did not have to enable <STRONG>edit_deployment_client</STRONG> for these functions, which is what I want this person to do be able to do, so I have left that off. I also enabled <STRONG>list_deployment_client</STRONG> and <STRONG>list_deployment_server</STRONG>.</P> Tue, 29 Sep 2020 21:55:01 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459942#M10721 wrangler2x 2020-09-29T21:55:01Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459943#M10722 <P>I downvoted this post because not working fully as it should.</P> Mon, 05 Nov 2018 22:15:59 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459943#M10722 wrangler2x 2018-11-05T22:15:59Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459944#M10723 <P>With the three I mentioned above, he was able to add systems to the whitelist of clients in a Server Class, and he was able to create a new Server Class. However, he was not able to add an application to the new Server Class. I added back in the edit_deployment_client but this made no difference. It throws the following error when you try to save after editing settings and a similar one when trying to add an app:</P> <PRE><CODE>User 'cinders' with roles { cinders, user, user_oit_security } cannot write: /nobody/system/serverclass/serverClass:OIT_SC_winevent_index_ADFS:app:OIT_DA_winevent_index_ADFS/restartSplunkWeb { read : [ * ], write : [admin ] }, removable: no </CODE></PRE> Tue, 29 Sep 2020 21:55:12 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459944#M10723 wrangler2x 2020-09-29T21:55:12Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459945#M10724 <P>I have the same issue. It looks like the "edit_deployment_server" capability should confer this permission, but it doesn't. It looks like this could be worked-around by editing some metadata (which one, I wonder, $SPLUNK_HOME/etc/system/metadata/local.meta?), and adding the proper role at some level. But I don't want to mess with that. I want the capability to work the way you'd expect.</P> Wed, 30 Sep 2020 00:06:48 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/459945#M10724 kscher 2020-09-30T00:06:48Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/544943#M12162 <P>Creating a specific role to manage deployment servers&nbsp; serverclass&nbsp; I experienced the same issue with&nbsp;</P><LI-CODE lang="markup">User 'ds_user' with roles { ds_role, ds_user, user } cannot write: /nobody/system/serverclass/serverClass:My_server_class:app:my_app/restartSplunkWeb { read : [ * ], write : [ admin ] }, removable: no</LI-CODE><P>The ds_role has the capabilities:<BR />edit_deployment_client,<BR />edit_deployment_server,<BR />list_deployment_client<BR />list_deployment_server<BR /><BR />To be able to add an app to a serverclass the only option was to give the capability&nbsp;admin_all_objects. Which effectively would make&nbsp;ds_role users admins.&nbsp;&nbsp;</P><P>To avoid this our workaround was to edit&nbsp;/opt/splunk/etc/system/metadata/local.meta to grant write privilege for ds_role to serverclass objects</P><LI-CODE lang="markup">#On Deployment Server #/opt/splunk/etc/system/metadata/local.meta [serverclass] access = write : [ admin, ds_role ] export = system</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 23 Mar 2021 14:27:20 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/544943#M12162 srauhala_splunk 2021-03-23T14:27:20Z https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/596744#M16081 <P>Hello,</P><P>I wonder if there is an answer to that question ?</P><P>I'm stuck on it as well.</P><P>Thanks,</P><P>Ema</P> Fri, 06 May 2022 13:57:39 GMT https://community.splunk.com/t5/Security/What-capabilities-are-needed-for-a-non-admin-user-to-update/m-p/596744#M16081 emallinger 2022-05-06T13:57:39Z