Splunk Cloud Platform

What is "db_connect_read_app_conf " capability and is it necessary to register a password to the secret storage ?

hacket-
Explorer

Hello, I found a new failure of an App's Setup page (secret storage) on a Splunk Cloud when I tried to register password to secret storage.

[SPLUNKD] You (user=<my splunk user>) do not have permission to perform this operation (requires capability: $db_connect_read_app_conf$).

Could this be just an account permissions issue ?
Can it be proceeded by using admin account  ?

Do you have any information for this db_connect_read_app_conf Splunk capability ??
Unfortunately, there was no valuable document and reference for this capability in my search.

I'm happy for any information from you.
Thank you in advance.

Labels (1)
0 Karma
1 Solution

hacket-
Explorer

I have reproduced the error in Splunk Enterprise env which Splunk DB Connect App is installed.
This error is caused by Splunk DB Connect App (https://splunkbase.splunk.com/app/2686/).
Solutions were folowings.

- Disable Splunk DB Connect App

OR 
- Add "db_connect_read_app_conf" and "db_connect_write_app_conf" capability to the user role.


View solution in original post

0 Karma

hacket-
Explorer

(Reference documentation for Splunk DB Connect)

https://docs.splunk.com/Documentation/DBX/3.10.0/DeployDBX/HowSplunkDBConnectworks

https://docs.splunk.com/Documentation/DBX/3.10.0/DeployDBX/Createandmanageidentities

Secret Storage, which registers App credentials, is also DB Connect is automatically treated as a DB Connect Identity when DB Connect is installed.
(I could not find any direct reference to Secret Storage being treated as a DB Connect Identity.)

0 Karma

hacket-
Explorer

I have reproduced the error in Splunk Enterprise env which Splunk DB Connect App is installed.
This error is caused by Splunk DB Connect App (https://splunkbase.splunk.com/app/2686/).
Solutions were folowings.

- Disable Splunk DB Connect App

OR 
- Add "db_connect_read_app_conf" and "db_connect_write_app_conf" capability to the user role.


0 Karma

hacket-
Explorer

On the other hand, Splunk Enterprise platform doesn't need the  db_connect_read_app_conf capability for the same operation.

The only "admin_all_object"  and  "list_secret_storage" capabilities were just needed for it on Splunk Enterprise platform.

 

0 Karma
Get Updates on the Splunk Community!

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...