I have as user which is unable to build an export in Splunk Hadoop Connect; when he tries to set up an export, he gets an error: Failed to get entity object
. When a user with admin role tries, it works fine, so I assume it's some specific capability missing for the user.
What he tries to do is basically:
* go to the Hadoop Connector app
* click "Build Export"
* define a search
* click "Schedule HDFS Export" button
* give the export a name, make sure an existing Hadoop cluster is selected, etc.
* receive error message
This is what I see in the HadoopConnect.log:
2016-07-13 14:10:27,664 ERROR delegating_handler.py [getEntity] [14] - Failed to get entity object
Traceback (most recent call last):
File "/opt/splunk/etc/apps/HadoopConnect/bin/delegating_handler.py", line 12, in getEntity
return en.getEntity(entityPath, entityName, uri=uri, namespace=self.appName, owner=self.userName, sessionKey=self.getSessionKey())
File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 249, in getEntity
serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)
File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 505, in simpleRequest
raise splunk.AuthorizationFailed(extendedMessages=uri)
AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/HadoopConnect/admin/conf-export/_new
Regards
Eivind Olsen
Is this issue resolved ? we are also getting same error (bad http request) while adding the new cluster using user role. I tried adding the rest_apps_management capability too but it did n't work in my case.
any suggestions would be much appreciated.
If I am not mistaken, Splunk allows only Admin role to run the Rest API ( http://dev.splunk.com/restapi ), and since the Hadoop Connect App uses those Rest API you are seeing these errors.
I suspect that your end user does not have the permission to execute the Splunk Rest API. And it looks like the Hadoop Connect App is using Rest API. For example, if you go to Splunk UI - Setting - Roles - Admin you will see the ability to do rest_apps_management, and this capabilities is not part of the User role.
Hm, it's a good suggestion. Unfortunately nothing seems to change when I give the user rest_apps_management capability. These following capabilities are "missing" from this user, compared to an admin user which is able to use that part of Hadoop Connect:
accelerate_datamodel
admin_all_objects
change_authentication
edit_deployment_client
edit_deployment_server
edit_dist_peer
edit_forwarders
edit_httpauths
edit_input_defaults
edit_monitor
edit_roles
edit_scripted
edit_search_server
edit_server
edit_splunktcp
edit_splunktcp_ssl
edit_tcp
edit_udp
edit_user
edit_view_html
edit_web_settings
embed_report
get_diag
indexes_edit
license_edit
license_tab
list_deployment_client
list_deployment_server
list_forwarders
list_httpauths
restart_splunkd
run_debug_commands
use_file_operator
It works if I add "admin_all_objects" to this users role but that does sound like a fairly heavy capability to give.
Does users role have "write" permission in "Haddop Connect" app?
Thanks,
Harshil
Yes, for testing we've set Read / Write for everyone (under App Permissions)