Security

Custom search commands and authorize.conf in 4.1?

Lowell
Super Champion

When setting up a custom search command, is it still necessary to setup authorize.conf entries like this in Splunk 4.1?

[capability::run_script_dothething]

[role_Admin] 
run_script_dothething = enabled

Or has it been replaced in favor of metadata entries? Like so:

[commands/dothething]
access = read : [ admin ], write : [ admin ]
owner = nobody
export = system

Are these equivalent?

1 Solution

gkanapathy
Splunk Employee
Splunk Employee

The settings in authorize.conf for controlling access to search commands have been replaced by the settings in the .meta files as of 4.0. The run_script_* settings no longer do anything. (Also note that settings for role_Admin should be role_admin as of 4.0, as the name of the role changes from Admin to admin then.)

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

The settings in authorize.conf for controlling access to search commands have been replaced by the settings in the .meta files as of 4.0. The run_script_* settings no longer do anything. (Also note that settings for role_Admin should be role_admin as of 4.0, as the name of the role changes from Admin to admin then.)

View solution in original post

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.