Security

After upgrading Splunk from 6.2.x to 6.3, users with power role are getting "403 Forbidden" using debug/refresh URL. What capabilities are needed?

Path Finder

We have users in Power role that were using ...debug/refresh URL in v6.2.x. However, after we upgraded to v6.3, those users are not able to use the debug/refresh anymore. They're now getting error message "403 Forbidden. Unauthorized to access this resource." page instead.

I added the rundebugcommands capabilities which was not included previously to the role, but they're still getting the same 403 error.

Is there any other capabilities needed?

Thanks for your help.

1 Solution

SplunkTrust
SplunkTrust

Try adding web_debug capabilities as well. This is configured in authorize.conf and the admin role has this by default. Also for 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/**splat).
- Defaults to false

Similar question : https://answers.splunk.com/answers/312428/why-am-i-no-longer-able-to-access-sso-and-echo-deb.html

View solution in original post

SplunkTrust
SplunkTrust

Try adding web_debug capabilities as well. This is configured in authorize.conf and the admin role has this by default. Also for 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/**splat).
- Defaults to false

Similar question : https://answers.splunk.com/answers/312428/why-am-i-no-longer-able-to-access-sso-and-echo-deb.html

View solution in original post

Path Finder

Thanks renjith.nair! It worked. Since I only wanted a specific role to have this capability, I added web_debug only to the role.

0 Karma