I did someting by Work with Users and roles.
And then every users and admin are deleted and every roles are deleted except user.
Then I can't change any thing.
When I do some change, alert that Client is not authorized to perform requested action.
What can I do?? How can I deal this situation.
# Version 5.0.3
# DO NOT EDIT THIS FILE!
# Please make all changes to files in $SPLUNK_HOME/etc/system/local.
# To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/system/default
# into ../local and edit there.
# commented out capabilities that are registered by their own components.
# leaving here for educational purposes.
#
# This file creates roles and sets granular access controls.
[default]
srchDiskQuota = 100
srchJobsQuota = 3
rtSrchJobsQuota = 6
srchMaxTime = 100days
schedule_rtsearch = enabled
# These stanzas list all the capabilities in the system
[capability::admin_all_objects]
[capability::change_authentication]
[capability::change_own_password]
[capability::delete_by_keyword]
[capability::edit_deployment_client]
[capability::list_deployment_client]
[capability::edit_deployment_server]
[capability::edit_dist_peer]
[capability::edit_forwarders]
[capability::edit_httpauths]
[capability::edit_input_defaults]
[capability::edit_monitor]
[capability::edit_roles]
[capability::edit_scripted]
[capability::edit_search_server]
[capability::edit_server]
[capability::edit_splunktcp]
[capability::edit_splunktcp_ssl]
[capability::edit_tcp]
[capability::edit_udp]
[capability::edit_user]
[capability::edit_web_settings]
[capability::get_metadata]
[capability::get_typeahead]
[capability::indexes_edit]
[capability::input_file]
[capability::license_edit]
[capability::license_tab]
[capability::list_forwarders]
[capability::list_httpauths]
[capability::list_inputs]
[capability::output_file]
[capability::request_remote_tok]
[capability::rest_apps_management]
[capability::rest_apps_view]
[capability::rest_properties_get]
[capability::rest_properties_set]
[capability::restart_splunkd]
[capability::rtsearch]
[capability::run_debug_commands]
[capability::schedule_search]
[capability::schedule_rtsearch]
[capability::search]
[capability::use_file_operator]
# Registers some windows specific capabilities
[capability::edit_win_eventlogs]
[capability::edit_win_wmiconf]
[capability::edit_win_regmon]
[capability::edit_win_admon]
[capability::edit_win_perfmon]
[capability::list_win_localavailablelogs]
[capability::list_pdfserver]
[capability::write_pdfserver]
[role_splunk-system-role]
importRoles = admin
[role_admin]
admin_all_objects = enabled
change_authentication = enabled
edit_deployment_client = enabled
list_deployment_client = enabled
edit_deployment_server = enabled
edit_dist_peer = enabled
edit_forwarders = enabled
edit_httpauths = enabled
edit_input_defaults = enabled
edit_monitor = enabled
edit_roles = enabled
edit_scripted = enabled
edit_search_server = enabled
edit_server = enabled
edit_splunktcp = enabled
edit_splunktcp_ssl = enabled
edit_tcp = enabled
edit_udp = enabled
edit_user = enabled
edit_web_settings = enabled
indexes_edit = enabled
license_edit = enabled
license_tab = enabled
list_forwarders = enabled
list_httpauths = enabled
rest_apps_management = enabled
restart_splunkd = enabled
run_debug_commands = enabled
# This enables the windows specific capabilities for admin
edit_win_eventlogs = enabled
edit_win_wmiconf = enabled
edit_win_regmon = enabled
edit_win_admon = enabled
edit_win_perfmon = enabled
list_win_localavailablelogs = enabled
list_pdfserver = enabled
write_pdfserver = enabled
importRoles = power;user
srchIndexesAllowed = *;_*
srchIndexesDefault = main;os
srchFilter = *
srchTimeWin = 0
srchDiskQuota = 10000
srchJobsQuota = 50
rtSrchJobsQuota = 100
[role_power]
schedule_search = enabled
importRoles = user
srchIndexesAllowed = *
srchIndexesDefault = main
srchDiskQuota = 500
srchJobsQuota = 10
rtSrchJobsQuota = 20
rtsearch = enabled
[role_user]
change_own_password = enabled
get_metadata = enabled
get_typeahead = enabled
input_file = enabled
list_inputs = enabled
output_file = enabled
request_remote_tok = enabled
rest_apps_view = enabled
rest_properties_get = enabled
rest_properties_set = enabled
search = enabled
srchIndexesAllowed = *
srchIndexesDefault = main
[role_can_delete]
delete_by_keyword = enabled
use the default template of authorize.conf