Splunk Manager Admin Permission Problem

harald_leitl · ‎07-16-2012

Hi,

Just updated my search heads to 4.3 and now I get following message when trying to create new roles in Splunk manager.

There was an error retrieving the configuration, can not process this page.

You do not have permission to access the configuration for this page.

No difference between LDAP user (with admin privilege) and local Admin user, both receive the same error.

my /opt/splunk/etc/apps/search/metadata/default.meta shows:

....

*[manager/authentication_roles]

access = read : [ admin ], write : [ admin ]*

...

that should be okay.

Any suggestion?

thanks,

harry

lguinn2 · ‎07-16-2012

Sometimes I see errors like this if Splunk was started/stopped by root, when it normally runs as a different user. Some of the files become owned by root and then odd things don't work. In Linux, there is a simple fix. Assuming that

Splunk is installed in /opt/splunk
Splunk should run as user splunkit
you are signed in as a user with sudo privileges

cd /opt sudo chown -R splunkit splunk

Of course, the problem could be something entirely different...

harald_leitl · ‎11-28-2012

any other suggestion? could it be a bug?

harald_leitl · ‎08-30-2012

just chanced permissions - unfortunately still the same behavior.

Splunk Manager Admin Permission Problem

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?