I am adding a new role to allow analysts to access the `Monitoring Console`. I believe that the minimum set of `capabilities` for this to be these:
[role_moncon_user]
# ==== Capabilities ====
dispatch_rest_to_indexers = enabled
list_accelerate_search = enabled
list_app_certs = enabled
list_deployment_client = enabled
list_deployment_server = enabled
list_forwarders = enabled
list_health = enabled
list_httpauths = enabled
list_indexer_cluster = enabled
list_indexerdiscovery = enabled
list_inputs = enabled
list_introspection = enabled
list_metrics_catalog = enabled
list_pipeline_sets = enabled
list_search_head_clustering = enabled
list_search_scheduler = enabled
list_settings = enabled
list_storage_passwords = enabled
list_tokens_all = enabled
list_tokens_own = enabled
list_workload_pools = enabled
list_workload_rules = enabled
# ==== Index Values ====
srchIndexesAllowed = *;_*
I added this to `authorize.conf` file in the `client_all_search_base` app and restarted Splunk; so far, so good. However when I try to assign this `moncon_user` role to anybody, after clicking `Save` it fails with `Role=moncon_user is not grantable`. I figured that I would be able to brute-force it in by manually adding it to a user in the `$SPLUNK_HOME/etc/passwd` file but all that did was cause splunk to disable that user completely (it doesn't even show in the GUI at all after that).
What is really happening and how can I get this to work?
↧
