https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266124#M7285 <P>According to the authorize.conf docs, <CODE>edit_scripted</CODE> lets you edit scripted inputs.</P> <P><CODE>runshellscript</CODE> as a search command is not supported: <A href="http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchReference/Runshellscript">http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchReference/Runshellscript</A></P> Wed, 07 Oct 2015 16:57:13 GMT martin_mueller 2015-10-07T16:57:13Z https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266122#M7283 <P>I have found that the capability 'edit_scripted' is required in order to use "runshellscript"</P> <P>This apparently is undocumented.</P> <P>What else can I do with "edit_scripted"???</P> Wed, 07 Oct 2015 16:22:31 GMT https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266122#M7283 robertlight 2015-10-07T16:22:31Z https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266123#M7284 <P>Hi... I am not sure if this is true for all. I have been running scripts successfully on v6.2.4 with a generic role without "edit_scripted" capability.</P> Wed, 07 Oct 2015 16:37:19 GMT https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266123#M7284 Yasaswy 2015-10-07T16:37:19Z https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266124#M7285 <P>According to the authorize.conf docs, <CODE>edit_scripted</CODE> lets you edit scripted inputs.</P> <P><CODE>runshellscript</CODE> as a search command is not supported: <A href="http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchReference/Runshellscript">http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchReference/Runshellscript</A></P> Wed, 07 Oct 2015 16:57:13 GMT https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266124#M7285 martin_mueller 2015-10-07T16:57:13Z https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266125#M7286 <P>I constructed a role with very few capabilities and could not use runshellscript nor have one of my alerts call a shell script. I added 'edit_scripted' to my pared down role and voila everything started working.</P> <P>Therefore, I'm guessing that it is a needed capability.</P> <P>I would love it if someone from Splunk could actually consult the code to answer this question.</P> Tue, 13 Oct 2015 17:15:57 GMT https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266125#M7286 robertlight 2015-10-13T17:15:57Z https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266126#M7287 <P>perhaps some capabilities are super-sets of edit_scripted? ie: if you have capability "X" then you don't need "edit_scripted".</P> <P>I really wish someone who has access to the splunk code would weigh in here!</P> Tue, 29 Sep 2020 07:37:12 GMT https://community.splunk.com/t5/Security/What-else-can-you-do-with-edit-scripted-capability/m-p/266126#M7287 robertlight 2020-09-29T07:37:12Z