https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459862#M56590 <P>Through trial and error, discovered that you need to add <STRONG>admin_all_objects</STRONG> permissions to all users that use this feature. This appears to be something fairly new and, IMO kinda dangerous.</P> Tue, 29 Sep 2020 21:56:23 GMT sharkannon 2020-09-29T21:56:23Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459861#M56589 <P>Since upgrading to splunk 7.2.0 (we were on 7.0.0 before), Alerts that were created by non admin users that use the "For each result" trigger for alerts don't seem to go through with the splunk plugin.</P> <P>We tried attaching both the slack alert and the email alerts, and users receive the emails correctly, but the slack alerts "disappear". I can assign the alert to a user with Admin OR promote the user to Admin and the alert seems to start working fine.</P> <P>Do you know what permissions I may need to update our users with, or if this is a bug in the app?</P> <P>The only thing I can see that MAY coincide is an error that says:</P> <PRE><CODE>Error in 'sendalert' command: sendmodalert: Cannot access results_file: '/opt/splunk/var/run/splunk/dispatch/scheduler__USER__search__testalert_at_1541565840_19/per_result_alert/tmp_5.csv.gz'. Permission denied. </CODE></PRE> <P>Other than that I can't seem to find anything in the logs that may be associated. File permissions and everything are correct.</P> Wed, 07 Nov 2018 05:02:07 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459861#M56589 sharkannon 2018-11-07T05:02:07Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459862#M56590 <P>Through trial and error, discovered that you need to add <STRONG>admin_all_objects</STRONG> permissions to all users that use this feature. This appears to be something fairly new and, IMO kinda dangerous.</P> Tue, 29 Sep 2020 21:56:23 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459862#M56590 sharkannon 2020-09-29T21:56:23Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459863#M56591 <P>If it used to work and now doesn't, you should file a support case.</P> Wed, 07 Nov 2018 18:20:27 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459863#M56591 richgalloway 2018-11-07T18:20:27Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459864#M56592 <P>Any update on this? We are running into the same issue with 7.2.1. This is a serious issue if users need the AAO capability to do this.</P> Wed, 09 Jan 2019 13:29:21 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459864#M56592 paimonsoror 2019-01-09T13:29:21Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459865#M56593 <P>For those wondering, this was introduced in 7.2.1 and is apparently resolved in 7.2.4</P> <P>See <A href="https://docs.splunk.com/Documentation/Splunk/7.2.3/ReleaseNotes/Knownissues">https://docs.splunk.com/Documentation/Splunk/7.2.3/ReleaseNotes/Knownissues</A> - SPL-163315 &amp; SPL-163882</P> Fri, 08 Feb 2019 02:21:10 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Slack-Notification-Alert-Seem-to-require-admin-privlidges-to/m-p/459865#M56593 serialmonkey 2019-02-08T02:21:10Z