topic Multiple Roles inherited from LDAP Group Memberships in Security https://community.splunk.com/t5/Security/Multiple-Roles-inherited-from-LDAP-Group-Memberships/m-p/45149#M1488 <P>I have several indexes and created a role in splunk for each index. We have a RBAC system in place to grant users group memberships in our eDirectory based MetaDirectory. I map each splunk role to a LDAP groupmembership.</P> <P>If a user has only one groupmembership all works fine.<BR /> If a user receives a second group membership it is shown fine in the user overview in Splunk Administration<BR /> The user does however not see the content of the index to which it received access by the second (N'th) group membership.</P> <P>I modeled the role such that they have access to one index, the capability search and rtsearch.</P> <P>What am i doing wrong?</P> Tue, 28 Aug 2012 08:38:51 GMT dominiquevocat 2012-08-28T08:38:51Z Multiple Roles inherited from LDAP Group Memberships https://community.splunk.com/t5/Security/Multiple-Roles-inherited-from-LDAP-Group-Memberships/m-p/45149#M1488 <P>I have several indexes and created a role in splunk for each index. We have a RBAC system in place to grant users group memberships in our eDirectory based MetaDirectory. I map each splunk role to a LDAP groupmembership.</P> <P>If a user has only one groupmembership all works fine.<BR /> If a user receives a second group membership it is shown fine in the user overview in Splunk Administration<BR /> The user does however not see the content of the index to which it received access by the second (N'th) group membership.</P> <P>I modeled the role such that they have access to one index, the capability search and rtsearch.</P> <P>What am i doing wrong?</P> Tue, 28 Aug 2012 08:38:51 GMT https://community.splunk.com/t5/Security/Multiple-Roles-inherited-from-LDAP-Group-Memberships/m-p/45149#M1488 dominiquevocat 2012-08-28T08:38:51Z Re: Multiple Roles inherited from LDAP Group Memberships https://community.splunk.com/t5/Security/Multiple-Roles-inherited-from-LDAP-Group-Memberships/m-p/45150#M1489 <P>The roles were configured via the GUI and i assigned indizes to the roles. Seemingly each role had a srchFilter entry in the authorize.conf which caused the problem. Manually clearing the srchFilter from the authorize.conf seems to solve the issue.</P> Thu, 30 Aug 2012 11:03:22 GMT https://community.splunk.com/t5/Security/Multiple-Roles-inherited-from-LDAP-Group-Memberships/m-p/45150#M1489 dominiquevocat 2012-08-30T11:03:22Z