Security

Custom search commands and authorize.conf in 4.1?

Lowell
Super Champion

When setting up a custom search command, is it still necessary to setup authorize.conf entries like this in Splunk 4.1?

[capability::run_script_dothething]

[role_Admin] 
run_script_dothething = enabled

Or has it been replaced in favor of metadata entries? Like so:

[commands/dothething]
access = read : [ admin ], write : [ admin ]
owner = nobody
export = system

Are these equivalent?

1 Solution

gkanapathy
Splunk Employee
Splunk Employee

The settings in authorize.conf for controlling access to search commands have been replaced by the settings in the .meta files as of 4.0. The run_script_* settings no longer do anything. (Also note that settings for role_Admin should be role_admin as of 4.0, as the name of the role changes from Admin to admin then.)

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

The settings in authorize.conf for controlling access to search commands have been replaced by the settings in the .meta files as of 4.0. The run_script_* settings no longer do anything. (Also note that settings for role_Admin should be role_admin as of 4.0, as the name of the role changes from Admin to admin then.)

View solution in original post


Tune In & Win!

Don't miss out on your
chance to take home free
prizes by helping our players
save the Splunk Cloudom!

Dungeons & Data
Monsters: Splunk O11y
Day Editions Games
stream live:
5/4 at 6:30pm PST
5/5 at 7:00pm PST
on