Security

What are the capabilities required for a role/user to apply shcluster-bundle from deployer server?

manjunathmeti
Champion

We need to create a role on the deployer server to create the users, since admin access is blocked. What capabilities does a role need to apply shcluster-bundle from the deployer server using the command below?

/splunkdrive/splunk/bin/splunk apply shcluster-bundle --answer-yes -auth <user>:<user_pwd> -target https://<SEARCH_HEAD_IP>:8089
0 Karma
1 Solution

manjunathmeti
Champion

I've added all the capabilities to the user except admin_all_objects, and the error below was coming.
insufficient permission to access this resource

Looks like admin_all_objects is required for applying shcluster-bundle from deployer server.

0 Karma

goelli
Communicator

We opened a case for this (1165853) and there is a solution:
You can build a custom role to not need a user to have admin_all_objects capability.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a technical user doing a "splunk apply shcluster-bundle" without having a technical user with admin privileges.

0 Karma
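As an added example (not part of the original post and not Splunk's own code), the two-step setup described above can be checked offline with a short audit: it confirms the endpoint's `capability.post` override names a capability that is defined and held by the role, and flags the role if it still ends up with admin_all_objects, directly or through `importRoles`. The function names and the sample configuration strings are assumptions constructed for illustration; only the stanzas come from the post.

```python
import re

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        stanza = re.fullmatch(r"\[(.+)\]", line)
        if stanza:
            current = stanzas.setdefault(stanza.group(1), {})
        elif "=" in line and not line.startswith("#") and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def role_capabilities(authorize, role, seen=None):
    """Capabilities enabled for a role, including those inherited via importRoles."""
    seen = set() if seen is None else seen
    if role in seen:  # guard against circular imports
        return set()
    seen.add(role)
    settings = authorize.get("role_" + role, {})
    caps = {key for key, value in settings.items() if value == "enabled"}
    for parent in settings.get("importRoles", "").split(";"):
        if parent.strip():
            caps |= role_capabilities(authorize, parent.strip(), seen)
    return caps

def audit(authorize_text, restmap_text, role, endpoint="apps-deploy:apps-deploy"):
    """Return findings for the custom-capability setup; an empty list means consistent."""
    authorize, restmap = parse_conf(authorize_text), parse_conf(restmap_text)
    caps = role_capabilities(authorize, role)
    required = restmap.get(endpoint, {}).get("capability.post")
    findings = []
    if required is None:
        findings.append("endpoint has no capability.post override")
    elif "capability::" + required not in authorize:
        findings.append("capability " + required + " is not defined in the supplied authorize.conf")
    elif required not in caps:
        findings.append("role " + role + " lacks " + required)
    if "admin_all_objects" in caps:
        findings.append("role " + role + " holds admin_all_objects")
    return findings

# Constructed samples: the stanzas from the post, then a role that inherits admin rights.
RESTMAP = "[apps-deploy:apps-deploy]\ncapability.post=deployer_capability\n"
GOOD = "[capability::deployer_capability]\n[role_deployer]\ndeployer_capability = enabled\n"
BAD = GOOD + "importRoles = admin\n[role_admin]\nadmin_all_objects = enabled\n"

if __name__ == "__main__":
    print(audit(GOOD, RESTMAP, "deployer"))
    print(audit(BAD, RESTMAP, "deployer"))
```

The audit only sees the text it is given, so a capability or parent role defined in another app or in the default configuration has to be included in the input to be evaluated.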

inventsekar
SplunkTrust
SplunkTrust

maybe, check these..
http://docs.splunk.com/Documentation/Splunk/6.1.7/Admin/authorizeconf

    [capability::edit_deployment_client]
    * Self explanatory. The deployment client admin endpoint requires this cap for edit.

    [capability::list_deployment_client]
    * Self explanatory.

    [capability::edit_deployment_server]
    * Self explanatory. The deployment server admin endpoint requires this cap for edit.

    [capability::list_deployment_server]
    * Self explanatory.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

manjunathmeti
Champion

I added these capabilities and checked, but it's not working. I get the error below:
insufficient permission to access this resource

I've also added all the capabilities to the user except admin_all_objects, still getting the same error. Looks like admin_all_objects is required for applying shcluster-bundle from deployer server. But providing admin_all_objects to a user is like making that user an admin.

0 Karma