topic Re: Capability to assign to user role to view and add data inputs in Security

Capability to assign to user role to view and add data inputs

apro — Mon, 21 Jun 2010 15:02:57 GMT

Hi,

What is the capability to assign to a user role so that it is able to access and configure data inputs via "Manager > Data Inputs" ?

"list_inputs" is already in and I've also tried to include "edit_tcp", "edit_udp", "edit_monitor" but the user account is still unable to access data inputs..

Re: Capability to assign to user role to view and add data inputs

jrodman — Tue, 22 Jun 2010 01:44:59 GMT

I don't know.

Have you restarted and/or reloaded auth? Those sound sufficient, but not sure. Do you get a specific error? This might be better as a support inquiry, if you don't get a quick answer here.

Re: Capability to assign to user role to view and add data inputs

apro — Tue, 22 Jun 2010 09:19:19 GMT

Have tried restarting splunk services but still the same..

nope..no specific error as well...

Re: Capability to assign to user role to view and add data inputs

Stephen_Sorkin — Wed, 18 Aug 2010 00:44:08 GMT

These pages are controlled by access control lists on manager objects rather than capabilities on the underlying splunk functionality. We're slowly moving splunkd from a capabilities-based model to an ACL model to better support granular control of various system and user objects.

To make these visible, edit $SPLUNK_HOME/etc/apps/search/metadata/local.meta and add additional roles to the read attributes of the following stanzas:

[manager/datainputstats]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_monitor]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_script]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_tcp_cooked]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_tcp_raw]
access = read : [ admin ], write : [ admin ]

[manager/data_inputs_udp]
access = read : [ admin ], write : [ admin ]

Re: Capability to assign to user role to view and add data inputs

tpsplunk — Wed, 01 Aug 2012 18:12:44 GMT

Hi stephen,
is this still a valid answer for splunk 4.3? or have further improvements been made?

I will test them in my local.meta file and report back

Re: Capability to assign to user role to view and add data inputs

tpsplunk — Wed, 01 Aug 2012 19:52:29 GMT

this did not work for me. I did it a little different- i am using searchead pooling and have a 'searchhead' app that is managed by my deployment server so i edited my searchhead/metadata/local.meta file and distrubuted it. once it showed up on my searchhead i restarted it and had the user try again- no luck. the user in question has a power user role so in each of the stanza's above I changed the access line to be: access = read : [ admin, power ], write : [ admin, power]

Re: Capability to assign to user role to view and add data inputs

tpsplunk — Thu, 09 Aug 2012 22:40:43 GMT

with some help form splunk support this is now working. I had to do two things- one was make the changes to local.meta as explained by Stephen. It did need to go in the 'search' app. The second was to add the line "edit_monitor = enabled" under the appropriate role stanza in my local/authorize.conf file. after a restart of splunk the users in the edited role were able to use the add data app/button.

Re: Capability to assign to user role to view and add data inputs

cmahan — Thu, 10 Sep 2015 16:52:35 GMT

Is this still valid? I have no [manager/data...... in that file at all. I do see the individual inputs that I would like my restricted user to have access to.. In my case they are website availability check (web_ping) inputs. I want certain users to be able to add or remove these checks. Can't find a particular capability to add to give view of the checks and ability to edit and do not see corresponding entries to what this article suggests 5 years ago...