Security

As a Splunk admin user, why am I unable to access the roles menu ("Access controls")?

Motivator

Hi,

In Splunk Web when logged in as admin, I go to Settings > Access controls, and get the following message:

Fail: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/admin/system/data/modular-inputs?count=-1
Details: None

What does this mean and how can I fix it?
The message appears when I click many of the options under the Settings menu

0 Karma
1 Solution

Motivator

Figured it out...

Visited the URL (https://MyServer:8089/servicesNS/admin/system/data/modular-inputs) and got the following message:
`

In handler 'modular-inputs': You (user=admin) do not have permission to perform this operation (requires capability: list_inputs).

`

Made necessary tweak to authorize.conf in $SPLUNK_HOME/etc/system/local/authorize.conf
Then refreshed the necessary endpoint: http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services

View solution in original post

Motivator

Figured it out...

Visited the URL (https://MyServer:8089/servicesNS/admin/system/data/modular-inputs) and got the following message:
`

In handler 'modular-inputs': You (user=admin) do not have permission to perform this operation (requires capability: list_inputs).

`

Made necessary tweak to authorize.conf in $SPLUNK_HOME/etc/system/local/authorize.conf
Then refreshed the necessary endpoint: http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services

View solution in original post

Motivator

Can Splunk please include something in a future version that prevents certain Splunk capabilities from being removed if the removal can result in breaking the admin account?

0 Karma