Security
Highlighted

can't add capabilities to roles in splunk

Path Finder

I have admin level access to my splunk instance. I want to add the list_inputs capability to the admin role (actually it should be present by default) but I can't seem to do it.
When I click on a particular capability on the 'available capabilities' list it moves to the 'selected capabilities' list as expected, but when i hit the save button it doesn't seem to save and the capability doesn't remain on the 'selected capabilities' list. Please help.

Tags (3)
0 Karma
Highlighted

Re: can't add capabilities to roles in splunk

Hi saikatr;

I try to tested it, but it displays the same problem like you!

I think that its no a problem because, if you look at botton after Capabiities block, you will see the block that concern the Imported capabilities. If you try to look in the list of Imported capabilities , you will realize that the capabilities you want to add found inside list after saving.

Thus, only select the capabilities you want to add and save! This will go automatically in Imported capabilities list.

View solution in original post

Highlighted

Re: can't add capabilities to roles in splunk

Builder

Correct answer provided by @ngatchasandra

The selected capabilities may appear to be listed as not on a certain user, however, this is due to the imported capabilities not linking with the available, unselected capabilities.

Make sure you double check both lists.

Also - it may be because you're logged in as the same level, so it might stop you from adding permissions to your own group, I don't know if this is the actual case, but it could be. @ppablo_splunk - is this functionality you know?

0 Karma
Highlighted

Re: can't add capabilities to roles in splunk

Community Manager
Community Manager

I've never done this myself so I'm not totally sure, but from @ngatchasandra's answer, it seems like the UI is there to visually see what is available, confirm what you've selected, and save the changes. Then, to see what was actually added to the role to confirm the changes went through, you should view the 'Imported Capabilities' list.

As for why @saikatr's admin role didn't already have the listinputs capability and/or can't add the capability himself, it's probably because the admin role was assigned and inherited capabilities from the default Admin user. http://docs.splunk.com/Documentation/Splunk/6.2.2/Security/Addmanagementaccesstocustomroles#Grantingadminrolesto_users
As stated in this documentation, creating a custom admin role that inherits default Admin capabilities "will have every capability you assign to the Admin role. However it will not automatically have access to the same manager pages as the Admin, including:
- Data features: The ability to view or add data inputs, configure forwarding and receiving, manage indexes, and report acceleration.
- Users and Authentication: Manage you LDAP configuration, users (other than their own) and roles."

@saikatr, can you confirm if @ngatchasandra and @markthompson's suggestions apply to your situation?

0 Karma
Highlighted

Re: can't add capabilities to roles in splunk

Path Finder

@markthompson @ngatchasandra @ppablo_splunk

When I make changes to a report, alert's query on splunk, the save option remains greyed out, so every time I have to save the report/alert as a new one using the 'save as' option. A while back I had asked this question to the community and was told that my role should have the 'list_inputs' capability. I remember adding that capability to the admin role and for a while the save option worked fine.

Off late, the save option has gone back to being greyed out and i looked to perform the obvious step of adding the 'list_inputs' capability. Like @ngatchasandra said, I too can see the particular capability in imported capabilities list, but since the save button isn't working, one can deduce that the capability isn't performing as expected. Any inputs?

0 Karma