Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action

jbsplunk
Splunk Employee
Splunk Employee
‎03-12-2013 10:24 AM

I have access to Splunk.com without issue.

However when I try to install any app such as SoS and Sideview Utils, from within SplunkWeb > Manager > Apps > Find More Apps Online > select Install Free,
I, and other users, get the following errors:

An error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/services/apps/remote/entriesbyid/sos

An error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/services/apps/remote/entriesbyid/sideview_utils
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Ellen
Splunk Employee
Splunk Employee
‎03-12-2013 10:27 AM

It was determined the default admin and power roles were modified to disable the following capabilities.

in $SPLUNK_HOME/etc/system/local/authorize.conf

[role_admin]
rest_apps_management = disabled

[role_power]
rest_properties_set = disabled

To install the apps in SplunkWeb's Manager > Apps, change these capabilities from disabled to enabled.

It is recommended the defaults for the admin role especially remain as Splunk provides and instead create a new custom admin role where modifications to the capabilities are made.
Appropriate users can then be assigned this custom role.
This way you are ensured that the admin role remains fully functional by default.

View solution in original post

Reply
Solved! Jump to solution

danmccarthy
Engager
‎06-10-2014 12:28 PM

I am experiencing this same issue, and this solution does not solve the problem, as both of those properties are set to "enabled". I am running a trial enterprise license of v 5.0.3 on OSX 10.9.3.

Installing manually as a workaround worked for me, although it'd be a lot simpler if this feature worked as intended. The workaround was just to download the app from splunk.com, then click App->Manage Apps-->Install app from file, and follow the prompts, including a splunk restart.

0 Karma
Reply
Solved! Jump to solution
Solution

Ellen
Splunk Employee
Splunk Employee
‎03-12-2013 10:27 AM

It was determined the default admin and power roles were modified to disable the following capabilities.

in $SPLUNK_HOME/etc/system/local/authorize.conf

[role_admin]
rest_apps_management = disabled

[role_power]
rest_properties_set = disabled

To install the apps in SplunkWeb's Manager > Apps, change these capabilities from disabled to enabled.

It is recommended the defaults for the admin role especially remain as Splunk provides and instead create a new custom admin role where modifications to the capabilities are made.
Appropriate users can then be assigned this custom role.
This way you are ensured that the admin role remains fully functional by default.

Reply
Solved! Jump to solution

dina_vaghjiani
New Member
‎06-06-2016 07:47 AM

Our configuration doesn't have a file of that name in the config. Is it a case of just creating one?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...