Security

What permissions do I need to give a user on the master node to view the monitoring console?

nabhosal
New Member

What capabilities do I need to give to a particular user on the master node in order to view the monitoring console?

Right now I have given the admin_all_objects capability.

But when I check the health check, it shows instances as not reachable.

And if I log in with admin credentials, all instances show as reachable.

Currently I have given the user and power roles to the user, along with the admin_all_objects capability.

Thanks in advance.

0 Karma

swmishra_splunk
Splunk Employee

You need to provide three capabilities in total to view the monitoring console with user privileges.

1. admin_all_objects

2. dispatch_rest_to_indexers

3. edit_dist_peer

The dispatch_rest_to_indexers capability will show the resource usage of each instance and edit_dist_peer will fix the instance unreachable error.

0 Karma

MuS
SplunkTrust

Hi swmishra [Splunk],

Thanks for your feedback, but I think the advice given with this answer is not correct and dangerous. Granting users admin_all_objects will make them an admin of your instance, and is neither needed just to view the monitoring console nor recommended security-wise.

Take a look at my posted [role_mc-users] config; it contains all capabilities needed to grant secure access for users to the monitoring console.

Hope this helps ...

cheers, MuS

MuS
SplunkTrust

Hi nabhosal,

There is no need to grant admin_all_objects to a user to access MC; you can create a new role with these limited capabilities:

[role_mc-users]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
dispatch_rest_to_indexers = enabled
importRoles = power;user
license_tab = enabled
list_deployment_client = enabled
list_deployment_server = enabled
list_forwarders = enabled
list_health = enabled
list_httpauths = enabled
list_indexer_cluster = enabled
list_indexerdiscovery = enabled
list_search_head_clustering = enabled
list_search_scheduler = enabled
list_settings = enabled
srchIndexesAllowed = _*
srchIndexesDefault = _*
srchMaxTime = 0

and allow this role read access to the Monitoring Console app. This will do the task.

Hope this helps ...

cheers, MuS

JaycieMeSplunkn
Engager

In a clustered environment, you can also enable ‘list_dist_peer’ to effectively view the overall status of the Monitoring Console.

vik_splunk
Communicator

@MuS - We have created a non-admin role with all the above capabilities but a user in the role is unable to launch the health check tab. It does nothing and is stuck at "Loading...". An admin can pull up the page immediately.

@swmishra_splunk I do understand that admin_all_objects can fix this problem, but the whole point is assigning only appropriate permissions so as to allow a non-admin to execute health checks.

Can you please advise if some other capability can allow us to view the health check page?

0 Karma

MuS
SplunkTrust

Hi vik_splunk,

The question here was ... to view ... the MC, and that's what this role provides: capabilities to view the MC. I never tested nor intended to have this role run a health check, to be honest.

cheers, MuS

0 Karma

vik_splunk
Communicator

Ah ok @MuS. With some testing I was able to figure out the answer to my question.

In addition to edit_dist_peer, edit_health does the trick. I.e., your mc users capability + the above two edit roles is what I was looking for. Hope it helps someone attempting to set up something similar.

0 Karma
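Added example (not from any poster in this thread and not Splunk's own tooling): a small Python audit that resolves importRoles inheritance in authorize.conf text and lists every role that ends up holding admin_all_objects or an edit_* capability, which is the distinction the posts above turn on. The sample roles other than a shortened mc-users are hypothetical, and flagging every edit_* capability for review is this example's assumption.

```python
# Constructed authorize.conf sample (not a real deployment). mc-users is a shortened
# form of the role posted in this thread; the other three roles are hypothetical.
SAMPLE = """
[role_mc-users]
importRoles = power;user
dispatch_rest_to_indexers = enabled
list_health = enabled

[role_mc-healthcheck]
importRoles = mc-users
edit_dist_peer = enabled
edit_health = enabled

[role_mc-broad]
importRoles = mc-users
admin_all_objects = enabled

[role_mc-oncall]
importRoles = mc-broad
"""

def parse_roles(text):
    """Map role name -> {'caps': enabled capabilities, 'imports': imported roles}."""
    roles, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):  # new stanza; only [role_<name>] stanzas are tracked
            is_role = line.startswith("[role_") and line.endswith("]")
            current = roles.setdefault(line[6:-1], {"caps": set(), "imports": []}) if is_role else None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "importRoles":
                current["imports"] = [r for r in value.split(";") if r]
            elif value == "enabled":  # quotas and index lists are not capabilities
                current["caps"].add(key)
    return roles

def effective_caps(roles, name, seen=()):
    """Capabilities of a role, including those inherited through importRoles."""
    if name in seen or name not in roles:  # import cycle, or role defined in another file
        return set()
    parents = roles[name]["imports"]
    return roles[name]["caps"].union(*(effective_caps(roles, p, seen + (name,)) for p in parents))

def audit(text):
    """Return {role: flagged capabilities} for admin_all_objects and any edit_* capability."""
    roles = parse_roles(text)
    report = {r: sorted(c for c in effective_caps(roles, r)
                        if c == "admin_all_objects" or c.startswith("edit_")) for r in roles}
    return {r: caps for r, caps in report.items() if caps}
```

On the sample, mc-oncall is reported with admin_all_objects even though its own stanza enables nothing, because it inherits the capability through mc-broad.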

gcusello
SplunkTrust

Hi nabhosal,
See http://docs.splunk.com/Documentation/Splunk/7.0.0/DMC/Deploymentsetupsteps .
The problem isn't user capabilities; you have to configure your DMC to see all Splunk systems' data, in other words, "Add all instances as search peers".

Bye.
Giuseppe

0 Karma