role permission

benjiminhugh — Mon, 28 Sep 2020 12:07:05 GMT

I create a role
[role_mmuser]

admin_all_objects = enabled
change_authentication = enabled
edit_deployment_client = enabled
list_deployment_client = enabled
edit_deployment_server = enabled
edit_dist_peer = enabled
edit_forwarders = enabled
edit_httpauths = enabled
edit_input_defaults = enabled
edit_monitor = enabled
edit_roles = enabled
edit_scripted = enabled
edit_search_server = enabled
edit_server = enabled
edit_splunktcp = enabled
edit_splunktcp_ssl = enabled
edit_tcp = enabled
edit_udp = enabled
edit_user = enabled
edit_web_settings = enabled
indexes_edit = enabled
license_edit = enabled
license_tab = enabled
list_forwarders = enabled
list_httpauths = enabled
rest_apps_management = enabled
restart_splunkd = enabled

This enables the windows specific capabilities for admin

edit_win_eventlogs = enabled
edit_win_wmiconf = enabled
edit_win_regmon = enabled
edit_win_admon = enabled
edit_win_perfmon = enabled
list_win_localavailablelogs = enabled
list_pdfserver = enabled
write_pdfserver = enabled

importRoles = power;user
srchIndexesAllowed = ;_
srchIndexesDefault = main;os
srchFilter = *
srchTimeWin = 0
srchDiskQuota = 10000
srchJobsQuota = 50
rtSrchJobsQuota = 100

I have made it the same as admin, but still can't input data?Why and how? Thanks!

Re: role permission

jrodman — Fri, 20 Jul 2012 15:00:36 GMT

If you have a specific role that is identical to admin but yet you cannot do things admin can do, there are two major possibilities.

We have an error where we are keying to the admin role name incorrectly in the python or compiled code
The access information for the views simply refer to the admin role, eg $SPLUNK_HOME/etc/apps/search/metadata/local.meta / default.met

The second scenario is more likely.

topic role permission in Security

role permission

This enables the windows specific capabilities for admin

Re: role permission