topic Re: Accidently removed permissions from only admin account in Security

Accidently removed permissions from only admin account

jmadsen1 — Wed, 01 Dec 2021 12:39:59 GMT

Hello, I recently messed up the permissions for the only account in my testing environment instance. I no longer have access to search my existing indexes and I cannot seem to re-grant admin level privileges to my account as I do not have the privileges to do so. I have tried to make another account but of course I am unable to give that account the permissions that I need. If there is anyway that I can restore my access please let me know.

Re: Accidently removed permissions from only admin account

isoutamo — Wed, 01 Dec 2021 14:04:23 GMT

If you have revoke role from admin user you can just add it back to passwd file or maybe it's easier to remove that user from passwd and then recreate it as this https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/Secureyouradminaccount

If you have revoke capabilities form role then, probably easiest way is remove etc/system/local/authorize.conf (take backup first if there is something special which you are needing later.

r. Ismo

Re: Accidently removed permissions from only admin account

jmadsen1 — Wed, 01 Dec 2021 14:58:09 GMT

Isoutamo you are my hero, thank you so much!