If a user without the 'admin_all_objects' capability tries to decrypt, he gets an error:
External search command 'crypt' returned error code 1. Script output = " ERROR "HTTPError at ""/opt/splunk/etc/apps/SA-hypercrypto/bin/splunklib/binding.py"", line 1111 : HTTP 403 Forbidden -- In handler 'passwords': You (user=hrlegal) do not have permission to perform this operation (requires capability: admin_all_objects)." "
Solution: Create a custom splunkd endpoint running as splunk-system-user as an interface between the search command and the storage endpoint.
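An endpoint that runs as splunk-system-user bypasses the capability check that produced the 403, so it has to authorize callers itself. The sketch below is an added example, not code from SA-hypercrypto or Splunk: it models the broker and the storage endpoint in plain Python, and the realm name, key names, role names and the `Caller`, `PasswordStore` and `KeyBroker` classes are all assumptions made for illustration.

```python
from dataclasses import dataclass

APP_REALM = "SA-hypercrypto"        # assumption: realm the app stores its keys under
SYSTEM_USER = "splunk-system-user"

@dataclass(frozen=True)
class Caller:
    user: str
    roles: frozenset

class PasswordStore:
    """Stand-in for the storage endpoint: refuses unprivileged identities."""
    def __init__(self, secrets):
        self._secrets = secrets         # {(realm, name): secret}

    def get(self, identity, realm, name):
        # Simplified model of the 'admin_all_objects' requirement
        if identity != SYSTEM_USER:
            raise PermissionError("requires capability: admin_all_objects")
        return self._secrets[(realm, name)]

class KeyBroker:
    """Models the custom endpoint between the search command and storage."""
    def __init__(self, store, key_acl):
        self._store = store
        self._key_acl = key_acl         # {key name: roles allowed to use it}

    def handle(self, caller, key_name):
        allowed = self._key_acl.get(key_name)
        # Deny by default: unlisted keys and unauthorized callers both get 403
        if allowed is None or not (caller.roles & allowed):
            return 403, None
        try:
            # Realm is fixed by the broker, never taken from the request,
            # so other apps' stored credentials stay out of reach
            return 200, self._store.get(SYSTEM_USER, APP_REALM, key_name)
        except KeyError:
            return 404, None

# Constructed sample data (hypothetical keys, roles and secrets)
STORE = PasswordStore({(APP_REALM, "hr_private"): "constructed-key-material",
                       ("other_app", "api_token"): "constructed-unrelated-secret"})
BROKER = KeyBroker(STORE, {"hr_private": {"hr_decrypt"}, "retired_key": {"hr_decrypt"}})
HRLEGAL = Caller("hrlegal", frozenset({"user", "hr_decrypt"}))
ANALYST = Caller("analyst", frozenset({"user"}))

if __name__ == "__main__":
    for who, key in [(HRLEGAL, "hr_private"), (ANALYST, "hr_private"), (HRLEGAL, "api_token")]:
        print(who.user, key, BROKER.handle(who, key)[0])
```

In a real handler the caller identity must come from the authenticated session that splunkd passes to the endpoint, never from a request parameter.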