Solved: Splunk role capabilities needed for splunk apply s...

dietschpa · ‎06-01-2017

Hi,

I have to create a splunk role for an "operator" user who must be able of launching the CLI command "splunk apply shcluster-bundle". What capacilities should I have to attribute to this role ?

Thank you for your help,

Patrice

masonmorales · ‎06-01-2017

They need the administer all objects capability.

View solution in original post

goelli · ‎11-13-2018

We opened a case for this (1165853) and there is a solution:
You can build a custom role to not need a user to have admin_all_objects capability.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a techical user doing a "splunk apply shcluster-bundle" without having a technical user with admin priviliges.

masonmorales · ‎06-01-2017

They need the administer all objects capability.

Splunk role capabilities needed for splunk apply shcluster-bundle

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability