Re: All roles are deleted except user. Help!!

donnieli · ‎07-31-2013

I did someting by Work with Users and roles.

And then every users and admin are deleted and every roles are deleted except user.

Then I can't change any thing.

When I do some change, alert that Client is not authorized to perform requested action.

What can I do?? How can I deal this situation.

ddarmand · ‎07-31-2013

#   Version 5.0.3
# DO NOT EDIT THIS FILE!
# Please make all changes to files in $SPLUNK_HOME/etc/system/local.
# To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/system/default
# into ../local and edit there.
# commented out capabilities that are registered by their own components.
# leaving here for educational purposes.
#
# This file creates roles and sets granular access controls.

[default]
srchDiskQuota     = 100
srchJobsQuota     = 3
rtSrchJobsQuota   = 6
srchMaxTime       = 100days
schedule_rtsearch = enabled

# These stanzas list all the capabilities in the system
[capability::admin_all_objects]
[capability::change_authentication]
[capability::change_own_password]
[capability::delete_by_keyword]
[capability::edit_deployment_client]
[capability::list_deployment_client]
[capability::edit_deployment_server]
[capability::edit_dist_peer]
[capability::edit_forwarders]
[capability::edit_httpauths]
[capability::edit_input_defaults]
[capability::edit_monitor]
[capability::edit_roles]
[capability::edit_scripted]
[capability::edit_search_server]
[capability::edit_server]
[capability::edit_splunktcp]
[capability::edit_splunktcp_ssl]
[capability::edit_tcp]
[capability::edit_udp]
[capability::edit_user]
[capability::edit_web_settings]
[capability::get_metadata]
[capability::get_typeahead]
[capability::indexes_edit]
[capability::input_file]
[capability::license_edit]
[capability::license_tab]
[capability::list_forwarders]
[capability::list_httpauths]
[capability::list_inputs]
[capability::output_file]
[capability::request_remote_tok]
[capability::rest_apps_management]
[capability::rest_apps_view]
[capability::rest_properties_get]
[capability::rest_properties_set]
[capability::restart_splunkd]
[capability::rtsearch]
[capability::run_debug_commands]
[capability::schedule_search]
[capability::schedule_rtsearch]
[capability::search]
[capability::use_file_operator]

# Registers some windows specific capabilities
[capability::edit_win_eventlogs]
[capability::edit_win_wmiconf]
[capability::edit_win_regmon]
[capability::edit_win_admon]
[capability::edit_win_perfmon]
[capability::list_win_localavailablelogs]
[capability::list_pdfserver]
[capability::write_pdfserver]

[role_splunk-system-role]
importRoles = admin

[role_admin] 
admin_all_objects      = enabled
change_authentication  = enabled
edit_deployment_client = enabled
list_deployment_client = enabled
edit_deployment_server = enabled
edit_dist_peer         = enabled
edit_forwarders        = enabled
edit_httpauths         = enabled
edit_input_defaults    = enabled
edit_monitor           = enabled
edit_roles             = enabled
edit_scripted          = enabled
edit_search_server     = enabled
edit_server            = enabled
edit_splunktcp         = enabled
edit_splunktcp_ssl     = enabled
edit_tcp               = enabled
edit_udp               = enabled
edit_user              = enabled
edit_web_settings      = enabled
indexes_edit           = enabled
license_edit           = enabled
license_tab            = enabled
list_forwarders        = enabled
list_httpauths         = enabled
rest_apps_management   = enabled
restart_splunkd        = enabled
run_debug_commands     = enabled

# This enables the windows specific capabilities for admin
edit_win_eventlogs = enabled
edit_win_wmiconf = enabled
edit_win_regmon = enabled
edit_win_admon = enabled
edit_win_perfmon = enabled
list_win_localavailablelogs = enabled
list_pdfserver = enabled
write_pdfserver = enabled

importRoles = power;user
srchIndexesAllowed = *;_*
srchIndexesDefault = main;os
srchFilter    = *
srchTimeWin   = 0
srchDiskQuota   = 10000
srchJobsQuota   = 50
rtSrchJobsQuota = 100

[role_power]
schedule_search   = enabled

importRoles = user
srchIndexesAllowed = *
srchIndexesDefault = main
srchDiskQuota   = 500
srchJobsQuota   = 10
rtSrchJobsQuota = 20

rtsearch    = enabled

[role_user]
change_own_password = enabled
get_metadata        = enabled
get_typeahead       = enabled
input_file          = enabled
list_inputs         = enabled
output_file     = enabled
request_remote_tok  = enabled
rest_apps_view      = enabled
rest_properties_get = enabled
rest_properties_set = enabled
search              = enabled

srchIndexesAllowed = *
srchIndexesDefault = main

[role_can_delete]
delete_by_keyword = enabled

ddarmand · ‎07-31-2013

use the default template of authorize.conf

All roles are deleted except user. Help!!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!