https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650813#M16847 <P>PickleRick, seems you were right, and thanks for the response.&nbsp;<BR />There was a bug reported in 2019, that in my opinion is back with v9.1.0.1. Reference:&nbsp;<A href="https://community.splunk.com/t5/Security/Admin-can-t-see-users-with-a-certain-role-and-we-can-t-take-out/m-p/399779" target="_self">https://community.splunk.com/t5/Security/Admin-can-t-see-users-with-a-certain-role-and-we-can-t-take-out/m-p/399779</A>&nbsp;<BR /><BR />Adding all roles to 'grandableRoles' solved the problem.&nbsp; Consider this a bug since the problem appeared immediately on several deployments, all unrelated to each other, that all worked fine immediately preceding upgrade.&nbsp;&nbsp;</P> Mon, 17 Jul 2023 16:14:12 GMT tlmayes 2023-07-17T16:14:12Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650181#M16797 <P>Upgraded several independent instances of Splunk Enterprise from various starting points, all to 9.1.0.1.&nbsp; &nbsp;Some clustered, some standalone.</P><UL><LI>8.1 -&gt; 9.1.0.1</LI><LI>9.0.1 -&gt; 9.1.0.1</LI></UL><P>All had the same outcome:&nbsp; When browsing to: Settings &gt; Users and Authentication &gt; Users, most but not all users are no longer visible in the 'Users' list, but the users still have access as validate by Splunk logs.&nbsp; In the most severe case there were 100+ users, mostly SAML, some local.&nbsp; Post upgrade there are 4 showing, yet in validation all can still login</P> Wed, 12 Jul 2023 13:02:16 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650181#M16797 tlmayes 2023-07-12T13:02:16Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650520#M16824 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/84018">@tlmayes</a>&nbsp;- I don't see any known issues, hence I would say create a Splunk support case.</P><P>&nbsp;</P><P>I hope this helps!! Consider upvoting!!!</P> Fri, 14 Jul 2023 09:46:55 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650520#M16824 VatsalJagani 2023-07-14T09:46:55Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650560#M16825 <P>I used to have a similar problem (but at some earlier version) due to wrong entries in authorize.conf</P><P>If I remember correctly, it had something to do with a role having set edit_roles_grantable privilege but not having defined grantableRoles parameter. User with such role would not show in the users list but would still be able to authenticate to web interface and use the system normally.</P> Fri, 14 Jul 2023 13:28:44 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650560#M16825 PickleRick 2023-07-14T13:28:44Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650813#M16847 <P>PickleRick, seems you were right, and thanks for the response.&nbsp;<BR />There was a bug reported in 2019, that in my opinion is back with v9.1.0.1. Reference:&nbsp;<A href="https://community.splunk.com/t5/Security/Admin-can-t-see-users-with-a-certain-role-and-we-can-t-take-out/m-p/399779" target="_self">https://community.splunk.com/t5/Security/Admin-can-t-see-users-with-a-certain-role-and-we-can-t-take-out/m-p/399779</A>&nbsp;<BR /><BR />Adding all roles to 'grandableRoles' solved the problem.&nbsp; Consider this a bug since the problem appeared immediately on several deployments, all unrelated to each other, that all worked fine immediately preceding upgrade.&nbsp;&nbsp;</P> Mon, 17 Jul 2023 16:14:12 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Enterprise-upgrade-to-9-1-0-1-all-users-disappeared/m-p/650813#M16847 tlmayes 2023-07-17T16:14:12Z