search

deductiv / kvstore_tools

KV Store Tools Redux app for Splunk
https://www.deductiv.net
Other
3 stars 6 forks source link

Splunk Support wants capabilities above roles in authorize.conf #12

Open ios7hash opened 3 months ago

ios7hash commented 3 months ago

The KV Store Tools Redux app is currently setting importRoles for role_admin which should not be done. Instead the app developer should be granting their custom capabilities to role_admin and role_sc_admin. Here is the current config in authorize.conf for the app:

[role_admin] importRoles = power;user;kv_admin

[capability::read_kvst_config] [capability::write_kvst_config]

It should look something more like this:

[capability::read_kvst_config] [capability::write_kvst_config]

[role_admin] read_kvst_config = enabled write_kvst_config = enabled

jrzmurray commented 3 months ago

For future reference to users having role issues in Splunk Cloud, here is a workaround:

  1. Delete the KV Store Tools app from Splunk Cloud
  2. Add a new role called kv_admin
  3. Add kv_admin to the inherited roles for sc_admin (or whatever role you have)
  4. Reinstall KV Store Tools

We'll be working on an official fix in the near future.