Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

permissions question

a212830
Champion
‎05-27-2014 06:03 AM

Hi,

Once a view is created and made private, does a power user have the ability to change the permissions? I have some users who can't change permissions after saving the original item as private.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ofrachon
Path Finder
‎05-27-2014 08:30 AM

Roles are implemented within Splunk with different capabilities : http://docs.splunk.com/Documentation/Splunk/6.1.1/Security/Rolesandcapabilities#List_of_available_ca...

If the power user you're talking about has the proper capability, (s)he'll be able to change Permissions.

Another possibility is to do that directly by editing the .conf files within the user's directory.

View solution in original post

Reply
Solved! Jump to solution
Solution

ofrachon
Path Finder
‎05-27-2014 08:30 AM

Roles are implemented within Splunk with different capabilities : http://docs.splunk.com/Documentation/Splunk/6.1.1/Security/Rolesandcapabilities#List_of_available_ca...

If the power user you're talking about has the proper capability, (s)he'll be able to change Permissions.

Another possibility is to do that directly by editing the .conf files within the user's directory.

Reply
Solved! Jump to solution

a212830
Champion
‎05-27-2014 09:51 AM

Bingo. We implemented new roles with 6.1.1 and this user was put in a different role. All set. Thanks.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎05-27-2014 06:41 AM

Does the view belong to the user who marked it private? If they didnt create the view they wont see it after they mark it private because it's private to owner not the person who marks it private.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎05-27-2014 08:25 AM

I think this would reveal the permissions issue if it existed: index=_internal ( source="*splunkd.log" ) ( log_level="ERROR" )

You should see something like "file not found", "permission denied" etc.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎05-27-2014 08:21 AM

My guess it's a file permissions issue:

If splunkd was running as root when the view was created. That would make the .conf file owned by root. Then if the current owner of splunkd has changed to something like splunk_daemon_service_account, splunkd wouldnt be able to edit the file.

0 Karma
Reply
Solved! Jump to solution

a212830
Champion
‎05-27-2014 07:02 AM

He is listed as the owner, but Permissions link isn't there.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...