All Apps and Add-ons

Sideview Utils: Internal server error 500 with new custom role - only associated with sideview interfaces

snoobzilla
Builder

Creating a lower access for custom interface built in Sideview... Getting 500 errors in whatever touches Sideview

Working with our internal Splunk engineer to review logs.

Any tips/advice/feedback would be appreciated.

Thanks

sideview
SplunkTrust
SplunkTrust

OK. It's hard to think of something that the Sideview UI modules could be doing that would require a higher set of capabilities than what the other UI systems require, but I certainly believe you. In that case yes I do think you've found a capability that cant really be removed or shouldn't really be removed.

If you get a chance when you revisit this, go ahead and post or email me one of the views and the capability list. I'm interested in investigating a bit locally.

0 Karma

snoobzilla
Builder

It is whenever they go to something using sideview module. I think this is problem with the lower privileged role. We have tabled this for the time being... will circle back when we revisit. Thanks for the feedback.

0 Karma

sideview
SplunkTrust
SplunkTrust

can you expand on "whenever the new role touches Sideview"? When they do what exactly? For example if this means "tries to use the Sideview Editor", that makes perfect sense and I can expand on that. If it means "navigates to a view using a Sideview module", then I'm stumped.

0 Karma

snoobzilla
Builder

Thanks, will do.

PS. Sorry about that intermediate title. Someone changed... it to make it sound like I was asking a totally different question.

0 Karma

sideview
SplunkTrust
SplunkTrust

Well the most common problem with low-privilege roles in Splunk is that they don't have the "rest_properties_get" capability. This means pretty much any request to splunkd will die (such users are little more than passive owners-of-objects). Can you post how you've broken down the capabilities? It might also be "rest_apps_view" or a couple other ones that might seem skippable but are not.

0 Karma

snoobzilla
Builder

It is definitely a problem with the newly defined role and not Sideview itself. This is our first custom lower access role. All other users are fine in and around Sideview... no need to post xml that is working.

Whenever the new role touches Sideview they get a 500 error, directly in Sideview app or attempting to use Sideview based interface in another app.

0 Karma

sideview
SplunkTrust
SplunkTrust

Can you give a little more detail? What does it say when it gives you error 500 (even it's just "Unknown Error")? Does it return a 500 when the user loads the page? or when users dispatch searches? Can you post the XML of the view? There are a number of 500 errors that boil down to something simple being accidentally omitted from the XML (and Splunk's framework having had some regressions over proper error state handling).

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...