Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Normal User role to access and add Data Inputs in Search Head Server

anandhalagarasa
Path Finder
‎12-08-2017 05:12 AM

Hi Team,

I have recently installed (https://splunkbase.splunk.com/app/1546/#/overview) this app in our search head. But as an admin I can able to navigate to Settings-->Data Inputs-->REST and I can able to provide the inputs.

But as a user role couldn't able to view the Data Inputs itself and he couldn't able to add the Data Inputs in REST API.

So for a user how come we need to provide access to add their Data Inputs in REST API.

Kindly help on this request.

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎12-08-2017 08:04 AM

Try to assign following capabilities to your user role.

edit_monitor - for "Add Data" option show up in the settings menu.
indexes_edit -for users index name show up in the Indexes drop down when uploading the file.
edit_tcp - for actual file upload
search - for previewing the uploaded file.

Please note that a regular user can setup monitoring/upload a huge file, which may have sensitive data and consume a chunk of license. (that's probably the reason they leave the data upload to admins).

0 Karma
Reply

anandhalagarasa
Path Finder
‎12-11-2017 11:25 PM

Thanks for your response.

As mentioned I have added the below stanza for the user role.

edit_tcp = enabled
edit_monitor = enabled
indexes_edit = enabled
search = enabled

And now I can able to see the Data Inputs in the user role with Local inputs .

Under Local Inputs i can able to see a option as Type in that i can able to see "Files & Directories" & "TCP" but I couldn't able to find "REST" in the same.

So what needs to be done so that "REST" is also visible under Local Inputs for user role too.

0 Karma
Reply

anandhalagarasa
Path Finder
‎12-12-2017 04:56 AM

Also i have added the following stanza into it but still REST is not visible so kindly help on this.

edit_rest = enabled

0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-12-2017 04:58 AM

Based on my answe if you give admin_all_objects then only it will available to end user which is not recommended.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-08-2017 07:05 AM

Hi @anandhalagarasan,

For testing purpose I have created new role and imported user role and try to assign different capabilities and found that only admin_all_objects capability will allow this and I'll not recommend you to assign this capability for end user because that capability will enable many more feature.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...