Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After upgrading Splunk from 6.2.x to 6.3, users with power role are getting "403 Forbidden" using debug/refresh URL. What capabilities are needed?

flee
Path Finder
‎01-27-2016 04:24 PM

We have users in Power role that were using ...debug/refresh URL in v6.2.x. However, after we upgraded to v6.3, those users are not able to use the debug/refresh anymore. They're now getting error message "403 Forbidden. Unauthorized to access this resource." page instead.

I added the run_debug_commands capabilities which was not included previously to the role, but they're still getting the same 403 error.

Is there any other capabilities needed?

Thanks for your help.

Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎01-27-2016 07:19 PM

Try adding web_debug capabilities as well. This is configured in authorize.conf and the admin role has this by default. Also for 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/**splat).
- Defaults to false

Similar question : https://answers.splunk.com/answers/312428/why-am-i-no-longer-able-to-access-sso-and-echo-deb.html

Happy Splunking!

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎01-27-2016 07:19 PM

Try adding web_debug capabilities as well. This is configured in authorize.conf and the admin role has this by default. Also for 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/**splat).
- Defaults to false

Similar question : https://answers.splunk.com/answers/312428/why-am-i-no-longer-able-to-access-sso-and-echo-deb.html

Happy Splunking!
Reply
Solved! Jump to solution

flee
Path Finder
‎01-31-2016 08:36 PM

Thanks renjith.nair! It worked. Since I only wanted a specific role to have this capability, I added web_debug only to the role.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...