Security

role permission

Explorer

I create a role
[role_mmuser]

adminallobjects = enabled
changeauthentication = enabled
edit
deploymentclient = enabled
list
deploymentclient = enabled
edit
deploymentserver = enabled
edit
distpeer = enabled
edit
forwarders = enabled
edithttpauths = enabled
edit
inputdefaults = enabled
edit
monitor = enabled
editroles = enabled
edit
scripted = enabled
editsearchserver = enabled
editserver = enabled
edit
splunktcp = enabled
editsplunktcpssl = enabled
edittcp = enabled
edit
udp = enabled
edituser = enabled
edit
websettings = enabled
indexes
edit = enabled
licenseedit = enabled
license
tab = enabled
listforwarders = enabled
list
httpauths = enabled
restappsmanagement = enabled
restart_splunkd = enabled

This enables the windows specific capabilities for admin

editwineventlogs = enabled
editwinwmiconf = enabled
editwinregmon = enabled
editwinadmon = enabled
editwinperfmon = enabled
listwinlocalavailablelogs = enabled
listpdfserver = enabled
write
pdfserver = enabled

importRoles = power;user
srchIndexesAllowed = ;_
srchIndexesDefault = main;os
srchFilter = *
srchTimeWin = 0
srchDiskQuota = 10000
srchJobsQuota = 50
rtSrchJobsQuota = 100

I have made it the same as admin, but still can't input data?Why and how? Thanks!

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

If you have a specific role that is identical to admin but yet you cannot do things admin can do, there are two major possibilities.

  1. We have an error where we are keying to the admin role name incorrectly in the python or compiled code
  2. The access information for the views simply refer to the admin role, eg $SPLUNK_HOME/etc/apps/search/metadata/local.meta / default.met

The second scenario is more likely.

0 Karma