Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

apply shcluster-bundle returning insufficient permission to access this resource

fabiocaldas
Contributor
‎11-08-2017 05:36 AM

Hi,

I'm trying to deploy new apps to shcluster via my deployer and running apply shcluster bundle command I'm receiving a erro message.

/splunkdrive/splunk/bin/splunk apply shcluster-bundle --answer-yes -auth admin:{{ADMIN_PASSWORD}} -target https://{{SEARCH_HEAD_IP}}:8089

With return: insufficient permission to access this resource

I already tested a API call at search head using same auth and it was OK both on deployer and on search head cluster element

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

fabiocaldas
Contributor
‎11-09-2017 12:33 PM

We finally got the solution:

We had a custom authorize.conf under $SPLUNK_HOME/splunk/etc/system/local and probably was missing some capability.

When we removed this authorize.conf command worked fine

View solution in original post

Reply
Solved! Jump to solution

goelli
Communicator
‎11-13-2018 09:06 AM

For those who come to this page looking for an answer how to avoid giving a user admin_all_objects capability, if you only want the user to do a "splunk apply shcluster-bundle"...

We opened a case for this (1165853) and there is a solution:
You can build a custom role for this.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a techical user doing a "splunk apply shcluster-bundle" without having a technical user with admin priviliges.

Reply
Solved! Jump to solution

manjunathmeti
Champion
‎09-02-2018 10:00 PM

Capability admin_all_objects is required for a user role to apply/deploy shcluster-bundle from deployer server.

0 Karma
Reply
Solved! Jump to solution
Solution

fabiocaldas
Contributor
‎11-09-2017 12:33 PM

We finally got the solution:

We had a custom authorize.conf under $SPLUNK_HOME/splunk/etc/system/local and probably was missing some capability.

When we removed this authorize.conf command worked fine

Reply
Solved! Jump to solution

manjunathmeti
Champion
‎08-31-2018 02:38 AM

By any chance did you find out capabilities needed to apply shcluster-bundle from deployer?

0 Karma
Reply
Solved! Jump to solution

snaikwade_splun
Splunk Employee
Splunk Employee
‎11-08-2017 03:51 PM

First I would suggest not to use -auth parameters. Run the command without -auth and see if you can make any changes.

Secondly, insufficient permissions mean that the -auth admin:{passowrd} is incorrect. To resolve the error, change the admin password on deployer and so on all the SHC members. Then you can try again.

0 Karma
Reply
Solved! Jump to solution

fabiocaldas
Contributor
‎11-09-2017 10:18 AM

Problem isn't related with the use of -auth we tried without that but the error message persists

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...