Is there a way to submit events with user 'nobody' ?

davidtrujillo
Explorer

Hi.
I am trying to submit events, from a scripted input, with the user 'nobody'.

I am getting this error:

HTTP 403 Forbidden -- insufficient permission to access this resource

In order to submit my events I did the following:

Set up my script in inputs.conf like this:

[script://$SPLUNK_HOME/etc/apps/my_app/bin/my_script.py]
disabled = false
index = my_index
interval = * * * * *
sourcetype = generic_single_line
passAuth = nobody

As explained in the documentation (http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf),
I am getting an auth token for my script:

passAuth = <username>
* User to run the script as.
* If you provide a username, the instance generates an auth token for that
  user and passes it to the script via stdin.

I am using the generated auth_token in my script like this:

    import sys
    from splunklib import client
    auth_token = sys.stdin.readline().strip()  # session token splunkd writes to stdin for the passAuth user
    service = client.Service(token=auth_token, app='my_app')
    index = service.indexes["my_index"]
    index.submit("Test", sourcetype="my_sourcetype", host="my_host", source="my_source")

I also tried:

    import sys
    from splunklib import client
    auth_token = sys.stdin.readline().strip()  # session token splunkd writes to stdin for the passAuth user
    kwargs = {"owner": "nobody", "app": "my_app", "token": auth_token}
    service = client.connect(**kwargs)
    index = service.indexes["my_index"]
    index.submit("Test", sourcetype="my_sourcetype", host="my_host", source="my_source")

Neither of them works; as soon as it reaches the index.submit() line, it throws the HTTP 403 Forbidden error.

If I change the 'nobody' user to any other user, even a user with the USER role, it works well. But I am required to make my script work with the 'nobody' one.

Any ideas on what I'm doing wrong?
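As an added example (not part of the original post and not the poster's code), here is the same scripted-input flow written against the splunkd REST API directly: the script reads the passAuth session token from stdin, POSTs the event to /services/receivers/simple with the token in the Authorization header, and, when splunkd answers 403, calls /services/authentication/current-context to report which username and roles that token actually resolves to. That diagnostic is what you want in front of you before deciding whether the 'nobody' user can be used at all. The SPLUNKD base URL is an assumption, and the injectable `opener` parameter exists only so the request path can be exercised offline with a stand-in transport; with the default it uses urllib.request.urlopen against a live instance.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Assumed management-port base URL of the local splunkd; adjust for the real instance.
SPLUNKD = "https://localhost:8089"


def read_token_from_stdin(stream=sys.stdin):
    """With passAuth set in inputs.conf, splunkd writes the session key for
    that user to the script's stdin as a single line."""
    return stream.readline().strip()


def build_submit_request(token, index, event, sourcetype, host, source):
    """Build the POST to /services/receivers/simple.  Index, sourcetype, host
    and source travel as query parameters; the raw event is the body; the
    session key goes in the Authorization header as 'Splunk <key>'."""
    params = urllib.parse.urlencode(
        {"index": index, "sourcetype": sourcetype, "host": host, "source": source}
    )
    req = urllib.request.Request(
        f"{SPLUNKD}/services/receivers/simple?{params}",
        data=event.encode("utf-8"),
        method="POST",
    )
    req.add_header("Authorization", f"Splunk {token}")
    return req


def build_context_request(token):
    """GET /services/authentication/current-context: which user and roles
    does this session key belong to?"""
    req = urllib.request.Request(
        f"{SPLUNKD}/services/authentication/current-context?output_mode=json"
    )
    req.add_header("Authorization", f"Splunk {token}")
    return req


def submit_event(token, index, event, sourcetype, host, source,
                 opener=urllib.request.urlopen):
    """Submit one event and return a dict describing the outcome.

    On HTTP 403 the dict additionally carries the username and roles the
    token resolves to, so a permission failure can be attributed to the
    identity the scripted input is actually running as."""
    req = build_submit_request(token, index, event, sourcetype, host, source)
    try:
        with opener(req) as resp:
            return {"ok": True, "status": resp.status}
    except urllib.error.HTTPError as exc:
        result = {"ok": False, "status": exc.code}
        if exc.code == 403:
            try:
                with opener(build_context_request(token)) as ctx:
                    content = json.load(ctx)["entry"][0]["content"]
                    result["username"] = content.get("username")
                    result["roles"] = content.get("roles", [])
            except (urllib.error.HTTPError, KeyError, IndexError, ValueError) as ctx_exc:
                # The token may not be usable for the context lookup either.
                result["context_error"] = str(ctx_exc)
        return result


if __name__ == "__main__":
    # Run as a scripted input: splunkd supplies the token on stdin.
    outcome = submit_event(read_token_from_stdin(), "my_index", "Test",
                           "my_sourcetype", "my_host", "my_source")
    print(json.dumps(outcome), file=sys.stderr)
```

Anything written to stderr by a scripted input ends up in splunkd.log, so the outcome line (including the username and roles behind a 403) is visible there without adding any further logging.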
