Security

As a Splunk admin user, why am I unable to access the roles menu ("Access controls")?

Motivator

Hi,

In Splunk Web when logged in as admin, I go to Settings > Access controls, and get the following message:

Fail: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/admin/system/data/modular-inputs?count=-1
Details: None

What does this mean and how can I fix it?
The message appears when I click many of the options under the Settings menu

0 Karma
1 Solution

Motivator

Figured it out...

Visited the URL (https://MyServer:8089/servicesNS/admin/system/data/modular-inputs) and got the following message:
`

In handler 'modular-inputs': You (user=admin) do not have permission to perform this operation (requires capability: list_inputs).

`

Made necessary tweak to authorize.conf in $SPLUNK_HOME/etc/system/local/authorize.conf
Then refreshed the necessary endpoint: http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services

View solution in original post

Motivator

Figured it out...

Visited the URL (https://MyServer:8089/servicesNS/admin/system/data/modular-inputs) and got the following message:
`

In handler 'modular-inputs': You (user=admin) do not have permission to perform this operation (requires capability: list_inputs).

`

Made necessary tweak to authorize.conf in $SPLUNK_HOME/etc/system/local/authorize.conf
Then refreshed the necessary endpoint: http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services

View solution in original post

Motivator

Can Splunk please include something in a future version that prevents certain Splunk capabilities from being removed if the removal can result in breaking the admin account?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!