Hello, I found a new failure of an App's Setup page (secret storage) on a Splunk Cloud when I tried to register password to secret storage.
[SPLUNKD] You (user=<my splunk user>) do not have permission to perform this operation (requires capability: $db_connect_read_app_conf$).
Could this be just an account permissions issue ?
Can it be proceeded by using admin account ?
Do you have any information for this db_connect_read_app_conf Splunk capability ??
Unfortunately, there was no valuable document and reference for this capability in my search.
I'm happy for any information from you.
Thank you in advance.
I have reproduced the error in Splunk Enterprise env which Splunk DB Connect App is installed.
This error is caused by Splunk DB Connect App (https://splunkbase.splunk.com/app/2686/).
Solutions were folowings.
- Disable Splunk DB Connect App
OR
- Add "db_connect_read_app_conf" and "db_connect_write_app_conf" capability to the user role.
(Reference documentation for Splunk DB Connect)
https://docs.splunk.com/Documentation/DBX/3.10.0/DeployDBX/HowSplunkDBConnectworks
https://docs.splunk.com/Documentation/DBX/3.10.0/DeployDBX/Createandmanageidentities
Secret Storage, which registers App credentials, is also DB Connect is automatically treated as a DB Connect Identity when DB Connect is installed.
(I could not find any direct reference to Secret Storage being treated as a DB Connect Identity.)
I have reproduced the error in Splunk Enterprise env which Splunk DB Connect App is installed.
This error is caused by Splunk DB Connect App (https://splunkbase.splunk.com/app/2686/).
Solutions were folowings.
- Disable Splunk DB Connect App
OR
- Add "db_connect_read_app_conf" and "db_connect_write_app_conf" capability to the user role.
On the other hand, Splunk Enterprise platform doesn't need the db_connect_read_app_conf capability for the same operation.
The only "admin_all_object" and "list_secret_storage" capabilities were just needed for it on Splunk Enterprise platform.