https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140182#M14570 <P>The version of DB Connect I'm using is 1.1.3 with splunk enterprise 6.0.3</P> Wed, 23 Apr 2014 15:38:36 GMT mjones414 2014-04-23T15:38:36Z https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140181#M14569 <P>Ever since upgrading splunk DB connect to a version that supports the dbx_user role I've been working out odd permissions issues and so far I've been able to get most of them sans one.</P> <P>I had a decent handful of db inputs created prior to upgrading to a version of the app with dbx_user defined. I've since retroactively added dbx_user to all the users needing access and they can manage their database connections fine but they cannot create new or modify their existing dbmon inputs whether they are tail or dumps.</P> <P>The error they are receiving is:</P> <PRE><CODE>There was an error retrieving the configuration, can not process this page. </CODE></PRE> <P>Splunk administrators are not having any issues. </P> <P>the current local.meta for db connect is as follows:</P> <PRE><CODE>[] access = read : [ dbx_user, admin ], write : [ admin ] ### Manager ### [manager] export = system [manager/databases] export = system [manager/dbmon] export = system access = read : [ admin , dbx_user ], write : [ admin , dbx_user ] [manager/dblookups] export = system access = read : [ admin ,dbx_user ], write : [ admin ,dbx_user ] ### Commands ### [commands/dbquery] export = system [commands/dbinput] export = system [commands/dbinfo] export = system [commands/dboutput] export = system [commands/dbmonpreview] export = none access = read : [ admin, dbx_user ], write : [ admin ] ### Other settings ### [inputs/dbmon-*] [inputs] access = read : [ dbx_user, admin ], write : [ admin , dbx_user] [transforms] access = read : [ dbx_user, admin ], write : [ admin , dbx_user] [props] export = system [transforms] export = system [eventtypes] export = system [lookups] export = system [searchscripts] export = system [database] access = read : [ dbx_user, admin ], write : [ admin , dbx_user] [dblookup] access = read : [ dbx_user, admin ], write : [ admin , dbx_user] </CODE></PRE> Wed, 23 Apr 2014 15:36:46 GMT https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140181#M14569 mjones414 2014-04-23T15:36:46Z https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140182#M14570 <P>The version of DB Connect I'm using is 1.1.3 with splunk enterprise 6.0.3</P> Wed, 23 Apr 2014 15:38:36 GMT https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140182#M14570 mjones414 2014-04-23T15:38:36Z https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140183#M14571 <P>I think the problem is because creating an input requires the admin_all_objects permission, which as the name implies means having essentially unlimited access.</P> Wed, 23 Apr 2014 17:40:35 GMT https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140183#M14571 araitz 2014-04-23T17:40:35Z https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140184#M14572 <P>Wow.. That's a bummer <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> I wonder if there is any way to work this in as a feature request to have that tied to the dbx_user role...</P> <P>Thank you! I will mark as answered until a way has been discovered. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 23 Apr 2014 17:45:10 GMT https://community.splunk.com/t5/Security/dbmon-permissions-issue/m-p/140184#M14572 mjones414 2014-04-23T17:45:10Z