Solved: DBX user capabilities for DB Connect 1 unclear

tweaktubbie · ‎09-29-2015

Having a Splunk server with DB Connect 1 on a heavy forwarder (not a searchhead or indexer), I intend to give DBA's FULL access to the DB Connect app via the web interface - they should be able to create/edit/all within their usual DBA working activities.

Created a specific role dbx-user, gave read/write permissions for the role on all dbmon/dbx objects. Assigned role to the DBX app.
Had to inherit user role to enable search capabilities and show proper icons for all apps.

Then noticed database inputs could not be retrieved (not or not completely, and thus created); had added in the 'indexes searched by default' to all internal and non-internal. Still got 403's in the data inputs screen for databases.
Read other questions with adding user role + dbx role, but they give the same outcome.

What now works:
-role dbx-user inherits user
-capabilities admin_all_objects + dbx_capable
-no indexes added by default

Only (splunk)admins and dbx-users have access to the webinterface, but I wonder if adding admin_all_objects can somehow be bypassed. Having selected ALL capabilities but NOT admin_all_objects simply doesn't work for this role!

jcoates_splunk · ‎10-04-2015

Confirmed, this is a design issue in DB Connect 1. Dedicating a forwarder to database connectivity management is a workaround. DB Connect 2 has a much more granular RBAC structure that should give you more flexibility.

View solution in original post

jcoates_splunk · ‎10-04-2015

Confirmed, this is a design issue in DB Connect 1. Dedicating a forwarder to database connectivity management is a workaround. DB Connect 2 has a much more granular RBAC structure that should give you more flexibility.

DBX user capabilities for DB Connect 1 unclear

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?