Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

apply shcluster-bundle returning insufficient permission to access this resource

fabiocaldas
Contributor
‎11-08-2017 05:36 AM

Hi,

I'm trying to deploy new apps to shcluster via my deployer and running apply shcluster bundle command I'm receiving a erro message.

/splunkdrive/splunk/bin/splunk apply shcluster-bundle --answer-yes -auth admin:{{ADMIN_PASSWORD}} -target https://{{SEARCH_HEAD_IP}}:8089

With return: insufficient permission to access this resource

I already tested a API call at search head using same auth and it was OK both on deployer and on search head cluster element

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

fabiocaldas
Contributor
‎11-09-2017 12:33 PM

We finally got the solution:

We had a custom authorize.conf under $SPLUNK_HOME/splunk/etc/system/local and probably was missing some capability.

When we removed this authorize.conf command worked fine

View solution in original post

Reply
Solved! Jump to solution

goelli
Communicator
‎11-13-2018 09:06 AM

For those who come to this page looking for an answer how to avoid giving a user admin_all_objects capability, if you only want the user to do a "splunk apply shcluster-bundle"...

We opened a case for this (1165853) and there is a solution:
You can build a custom role for this.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a techical user doing a "splunk apply shcluster-bundle" without having a technical user with admin priviliges.

Reply
Solved! Jump to solution

manjunathmeti
Champion
‎09-02-2018 10:00 PM

Capability admin_all_objects is required for a user role to apply/deploy shcluster-bundle from deployer server.

0 Karma
Reply
Solved! Jump to solution
Solution

fabiocaldas
Contributor
‎11-09-2017 12:33 PM

We finally got the solution:

We had a custom authorize.conf under $SPLUNK_HOME/splunk/etc/system/local and probably was missing some capability.

When we removed this authorize.conf command worked fine

Reply
Solved! Jump to solution

manjunathmeti
Champion
‎08-31-2018 02:38 AM

By any chance did you find out capabilities needed to apply shcluster-bundle from deployer?

0 Karma
Reply
Solved! Jump to solution

snaikwade_splun
Splunk Employee
Splunk Employee
‎11-08-2017 03:51 PM

First I would suggest not to use -auth parameters. Run the command without -auth and see if you can make any changes.

Secondly, insufficient permissions mean that the -auth admin:{passowrd} is incorrect. To resolve the error, change the admin password on deployer and so on all the SHC members. Then you can try again.

0 Karma
Reply
Solved! Jump to solution

fabiocaldas
Contributor
‎11-09-2017 10:18 AM

Problem isn't related with the use of -auth we tried without that but the error message persists

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...