Solved: unable to change password / edit users

jonuwz · ‎09-27-2012

There seems to be a dependency on roles inheriting from 'user' and 'admin'.

Example.

I create a new role defined like this (an exact replica of 'user'):

[research]
change_own_password = enabled
get_metadata = enabled
get_typeahead = enabled
request_remote_tok = enabled
rest_apps_view = enabled
rest_properties_get = enabled
rest_properties_set = enabled
rtSrchJobsQuota = 1
search = enabled

If I create a user with only this role assigned, when he logs in, and clicks 'Manager', the page is completely blank.

Likewise, if I create a replica of the admin role (which inherits from 'power' and 'user'), all the admin tabs (like user roles, index management) are missing.

I've tested this against 4.3.2 4.3.3 and 4.3.4

Am I missing something, is this a bug, or expected behaviour?

It defeats the purpose of having capabilities like 'edit_user' and 'change_own_password'

John

jonuwz · ‎09-27-2012

In the end it was to do with app permissions.

If a user does not inherit read access to the 'Search' app, the management page is always blank.

Seems a bizarre scenario.

View solution in original post

jonuwz · ‎09-27-2012

In the end it was to do with app permissions.

If a user does not inherit read access to the 'Search' app, the management page is always blank.

Seems a bizarre scenario.

gkanapathy · ‎01-28-2013

There is no UI way of doing this, as of Splunk 5.0 or lower. In fact there is a lot of Splunk functionality and configuration that can only be accessed via configuration files or REST API calls.

sloshburch · ‎01-28-2013

More info: I grew suspicious that there should be a cleaner, UI way of doing this. I am still unable to find it. Here's where I left off if anyone wants to build on my research to find the proper solution.

Search has a ui level 'manager' folder which is not found in other apps. This can be found at $SPLUNK_HOME/etc/apps/search/default/data/ui/manager.
The instructions on this page seem like the most useful but I cannot find manager nor its artificats under even the 'All configurations' page.
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/SetPermissions

jonuwz · ‎01-25-2013

great tip !

sloshburch · ‎01-25-2013

I think it's important to highlight that the changes must be made in the 'search' app's metadata local file. I state this because there's many similar questions out there but its not clear that splunk's manager settings are specified in the 'search' app.

For those who are crazy enough to create a new role from scratch (like me), you might want to cat default.meta >> local.meta and then do some find/replace to change the admin to your custom admin role.

Once I did that, I was all set.

melting · ‎09-27-2012

Yes the manager pages are included in the search app. Read access to the search app is sort of a prerequisite in most cases.

I am glad you figured it out!

gkanapathy · ‎09-27-2012

Note that in addition to the capabilities, the manager pages have access control lists, so any user/role must have both in order to be able to do something on the pages. (The ACL is not needed, e.g., if the user is making calls via the REST API or the CLI)

jonuwz · ‎09-27-2012

I think its only the manager landing page that considers ACLs when deciding what links to display.

You can bypass the fact the 'Access controls' link is missing on the manager page by typing the url directly.

https://splunk:8000/en-GB/manager/search/authentication/users

yannK · ‎09-27-2012

yes, this is correct. The capabilities are not always enough to access some manager pages.
To solve this, make the role research inherit from the role user.

unable to change password / edit users

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024