Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk role capabilities needed for splunk apply shcluster-bundle

dietschpa
New Member
‎06-01-2017 04:11 AM

Hi,

I have to create a splunk role for an "operator" user who must be able of launching the CLI command "splunk apply shcluster-bundle". What capacilities should I have to attribute to this role ?

Thank you for your help,

Patrice

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

masonmorales
Influencer
‎06-01-2017 10:14 AM

They need the administer all objects capability.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

goelli
Communicator
‎11-13-2018 09:03 AM

We opened a case for this (1165853) and there is a solution:
You can build a custom role to not need a user to have admin_all_objects capability.

Step 1: Define a new capability and assign it to a role - via authorize.conf

[capability::deployer_capability]
[role_deployer]
deployer_capability = enabled

Step 2: Assign the capability to the correct REST endpoint, which is used by this CLI command - via restmap.conf

[apps-deploy:apps-deploy]
capability.post=deployer_capability

This is working pretty fine for us and we can now have a techical user doing a "splunk apply shcluster-bundle" without having a technical user with admin priviliges.

Reply
Solved! Jump to solution
Solution

masonmorales
Influencer
‎06-01-2017 10:14 AM

They need the administer all objects capability.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...