Restore Admin Roles in Splunk After Accidental Deletion

sanjai
Path Finder

Hi Splunker,

I am currently working with REST API calls for user management in Splunk. While attempting to add additional roles to the default admin account, I accidentally removed the admin role from this account. Unfortunately, I do not have any other user accounts with admin privileges.

At present, I only have a single user account with the "User" role and cannot create a new user with "Admin" privileges.

Could you please advise on how to restore the deleted roles to the existing user account or suggest any alternative solutions?

 


sanjai
Path Finder

Thanks @richgalloway and @isoutamo for your time, it worked 🙂🙌

richgalloway
SplunkTrust

Restore the $SPLUNK_HOME/etc/system/local/authorize.conf file from your most recent backup and restart Splunk.

---
If this reply helps you, Karma would be appreciated.

isoutamo
SplunkTrust
And if you don't have backups (you really should), just add the admin role to your admin user in the authorize.conf file with any text editor. See the authorize.conf spec for how it should be done.