We're migrating Splunk DB Connect V1 from a dedicated machine to Splunk DB Connect V2 on our search head.
It seems dbxuser used to have far more capabilities (27) out of the box than the new db_connect_admin (23) and db_connect_user (8). On the old server we just had to grant dbx_capable and admin_all_objects.
On such an important server as the SH, you don't want to grant admin_all_objects to DBA's. There is no distinction between db_connect_admin and db_connect_user on creating DB inputs (or even edit current inputs). They simply can't. Not being able to create is not nice, but the db users now can do nothing at all?!
"You have insufficient capabilities to create DB Inputs. Please contact a Splunk Administrator"
How can one assign permissions to a db role so that basis administration can be done in DB Connect by DBA's, without giving them practically admin access to the console? I can't find an object to give permissions on. There should be some isolation possible, one would assume...
have you read through the documentation on the db identities and permissions?
http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Createandmanageidentities#Permissions
http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Configuresecurityandaccesscontrols
have you read through the documentation on the db identities and permissions?
http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Createandmanageidentities#Permissions
http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Configuresecurityandaccesscontrols
The last URL proved what appeared to be the issue; having the DBConnect V1 installation for comparison on the same machine, which used dbx_user and the capabilities set there - it is not a compatible role 😞 When using db_connect_admin there's no issue at all. Migrating/upgrading with a different (admin) role was overseen here, thnx for replying!