- Splunk Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Is it possible to devolve access to DMC to users o...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to devolve access to DMC to users other than admin role users?
Hi - I've been trying to test to see if it is possible to provide access to the DMC to a role outside of a Splunk Administrator user.
I'm trying to create a role which would be used solely to monitor the state of the instance yet not give full admin rights.
I've granted the role read and write access to the DMC application and a member of the role can see the app however when logging on as said user and looking at the instances all hosts are showing as 'Unreachable'. Logging on as an admin shows the instances as being 'Up'.
I've increased the rights of the lesser role to have admin_all_rights and the role can see all internal and non-internal indexes however this one issue still persists?
Any ideas on what else I need to change to correct this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi 340213,
you can create a new role with these settings:
[role_mc-users]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
dispatch_rest_to_indexers = enabled
importRoles = power;user
license_tab = enabled
list_deployment_client = enabled
list_deployment_server = enabled
list_forwarders = enabled
list_health = enabled
list_httpauths = enabled
list_indexer_cluster = enabled
list_indexerdiscovery = enabled
list_search_head_clustering = enabled
list_search_scheduler = enabled
list_settings = enabled
rest_properties_get = enabled
list_health = enabled
rest_apps_view = enabled
list_indexer_cluster = enabled
list_search_head_clustering = enabled
edit_dist_peer = enabled
srchIndexesAllowed = _*
srchIndexesDefault = _*
srchMaxTime = 0
and allow this role read access to the Monitoring Console app. This will do the task.
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Managed to work this out with a bit of testing...
I created a role based on the Splunk power user role, provided read/write permissions to the application and added the following capabilities:
- edit_dist_peer
- license_edit
This has allowed all graphs to display correctly and all instances are now showing as Up.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i couldnt get this to work. could you be a bit more precise with your steps please and/or post code?
i've tried everything - also added "admin_all_objects" capabilities as suggested in the DMC app guide - but that neither works for me or makes any real sense:
http://docs.splunk.com/Documentation/Splunk/6.2.8/Admin/ConfiguretheMonitoringConsole
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The only section which does not populate with these changes is the Alert section. It appears the search below does not return results to the limited user. Any Ideas what permissions this search needs? If it matters this is DMC on Splunk 6.3.1.
rest splunk_server=local /services/search/distributed/peers/
| where status!="Up"
| fields peerName, status
| rename peerName as Instance, status as Status
Splunk Custom Visualizations App End of Life
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
