All Apps and Add-ons
Highlighted

Splunk ODBC & Tableau Desktop: Why logging in with a "user" role to connect to REST API produces error "Invalid Username or Password"?

Explorer

I am using the latest Splunk ODBC driver (downloaded from https://apps.splunk.com/app/1606/) and the Tableau Desktop versions are 8.2.2 & 8.3. if I logged in as an admin user account (who has "user" & "power" roles), I could successfully connect to the Splunk instance and listed all the "Saved Searches" available. If I logged in as a normal user account (who has only "user" role), an error with "Invalid Username or Password" was produced. This normal user account has access to all non-internal Splunk indexes.

Below are the capabilities between these 2 accounts:

Admin account capabilities:

acceleratedatamodel
admin
allobjects
change
authentication
editdeploymentclient
editdeploymentserver
editdistpeer
editforwarders
edit
httpauths
editinputdefaults
editmonitor
edit
roles
editscripted
edit
searchserver
edit
server
editsplunktcp
edit
splunktcpssl
edit
tcp
editudp
edit
user
editviewhtml
editwebsettings
getdiag
indexes
edit
licenseedit
license
tab
listdeploymentclient
listdeploymentserver
listforwarders
list
httpauths
restappsmanagement
restartsplunkd
run
debugcommands
schedule
rtsearch
acceleratesearch
change
ownpassword
dbx
capable
embedreport
get
metadata
gettypeahead
input
file
listinputs
output
file
requestremotetok
restappsview
restpropertiesget
restpropertiesset
rtsearch
schedule_search
search

Normal user account capabilities:

acceleratesearch
change
ownpassword
dbx
capable
getmetadata
get
typeahead
inputfile
list
inputs
outputfile
request
remotetok
rest
appsview
rest
propertiesget
rest
properties_set
search

The ONLY difference related to REST API from above 2 lists is "restappsmanagement", but I don't see why missing this capability will prevent the normal user account from successfully connecting to REST API interface and list all Saved Searches via Splunk Connector.

Does anyone have any insights about this? Thanks a lot!

0 Karma
Highlighted

Re: Splunk ODBC & Tableau Desktop: Why logging in with a "user" role to connect to REST API produces error "Invalid Username or Password"?

Explorer
0 Karma
Highlighted

Re: Splunk ODBC & Tableau Desktop: Why logging in with a "user" role to connect to REST API produces error "Invalid Username or Password"?

Explorer

The normal user account tried to log in via browser on the following saved search endpoint and could successfully list all saved searches available on the search head:

https://splunk_search_head_url:8089/services/saved/searches

0 Karma
Highlighted

Re: Splunk ODBC & Tableau Desktop: Why logging in with a "user" role to connect to REST API produces error "Invalid Username or Password"?

Splunk Employee
Splunk Employee

Same issue here. It all works if I am signed in as Splunk Admin, but I don't want to give Tableau the keys to the kingdom and all the capabilities associated with connecting to Splunk as "Admin" What are the least capabilities I need associate with a role to make this work?

0 Karma
Highlighted

Re: Splunk ODBC & Tableau Desktop: Why logging in with a "user" role to connect to REST API produces error "Invalid Username or Password"?

Engager

I ran into this same problem with one of my infosec users wanting access to the RestAPI. I created a new role "restapi" and added his account. The only capability I added to the new role was restappsmanagement and this allowed him to log in to the API successfully.

0 Karma