Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are the capabilities required for a role/user to apply shcluster-bundle from deployer server?

manjunathmeti
SplunkTrust
SplunkTrust
‎08-31-2018 02:42 AM

We need to create a role on deployer server to create the users since admin access is blocked. What are the capabilities required for a role to apply shcluster-bundle from deployer server using below command?

/splunkdrive/splunk/bin/splunk apply shcluster-bundle --answer-yes -auth <user>:<user_pwd> -target https://<SEARCH_HEAD_IP>:8089
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
SplunkTrust
SplunkTrust
‎09-02-2018 09:59 PM

I've added all the capabilities to the user except admin_all_objects , the below error was coming.
insufficient permission to access this resource

Looks like admin_all_objects is required for applying shcluster-bundle from deployer server.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

goelli
Communicator
‎11-13-2018 09:03 AM

We opened a case for this (1165853) and there is a solution:
You can build a custom role to not need a user to have admin_all_objects capability.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a techical user doing a "splunk apply shcluster-bundle" without having a technical user with admin priviliges.

0 Karma
Reply
Solved! Jump to solution
Solution

manjunathmeti
SplunkTrust
SplunkTrust
‎09-02-2018 09:59 PM

I've added all the capabilities to the user except admin_all_objects , the below error was coming.
insufficient permission to access this resource

Looks like admin_all_objects is required for applying shcluster-bundle from deployer server.

0 Karma
Reply
Solved! Jump to solution

inventsekar
Super Champion
‎08-31-2018 03:20 AM

maybe, check these..
http://docs.splunk.com/Documentation/Splunk/6.1.7/Admin/authorizeconf

  [capability::edit_deployment_client]
            * Self explanatory. The deployment client admin endpoint requires this cap for edit.

    [capability::list_deployment_client]
            * Self explanatory.

    [capability::edit_deployment_server]
            * Self explanatory. The deployment server admin endpoint requires this cap for edit.

    [capability::list_deployment_server]
            * Self explanatory.
0 Karma
Reply
Solved! Jump to solution

manjunathmeti
SplunkTrust
SplunkTrust
‎08-31-2018 03:48 AM

I added these capabilities and checked but it's not working. I get below error:
insufficient permission to access this resource

I've also added all the capabilities to the user except admin_all_objects , still getting the same error. Looks like admin_all_objects is required for applying shcluster-bundle from deployer server. But providing admin_all_objects to a user is like making that user an admin.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...