https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540017#M4950 <P>authorize.conf is used for mapping capabilities to roles</P><P>&nbsp;</P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/authorizeconf" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/authorizeconf</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 15 Feb 2021 20:17:01 GMT edwardrose 2021-02-15T20:17:01Z https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540001#M4944 <P>Hello All,</P><P>&nbsp;</P><P>I am trying to find where a user is getting mapped to a role.&nbsp; I can see that the user is mapped to the power role in the webui, but I do not see the user being mapped there in /opt/splunk/etc/system/local/authentication.conf.&nbsp; So what am I missing?&nbsp; Also there is nothing in /opt/splunk/etc/apps/* that would map the user to the power role.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Thoughts?</P><P>thanks</P><P>ed</P> Mon, 15 Feb 2021 17:41:02 GMT https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540001#M4944 edwardrose 2021-02-15T17:41:02Z https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540017#M4950 <P>authorize.conf is used for mapping capabilities to roles</P><P>&nbsp;</P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/authorizeconf" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/authorizeconf</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 15 Feb 2021 20:17:01 GMT https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540017#M4950 edwardrose 2021-02-15T20:17:01Z https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540038#M4951 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/166292">@edwardrose</a>,</P><P>User role mappings are in below file;</P><LI-CODE lang="markup">$SPLUNK_HOME/etc/passwd</LI-CODE><P>&nbsp;</P> Tue, 16 Feb 2021 03:36:37 GMT https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540038#M4951 scelikok 2021-02-16T03:36:37Z https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540096#M4964 <P><STRIKE>There is no role mapping info in the passwd file,&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/206061">@scelikok</a>&nbsp;</STRIKE></P> Tue, 16 Feb 2021 18:40:04 GMT https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540096#M4964 richgalloway 2021-02-16T18:40:04Z https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540114#M4967 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>,</P><P>Inside $SPLUNK_HOME/etc/passwd below bold field is user role for local Splun authentication.&nbsp;If user has more roles they are listed there comma separated.</P><P>:admin:password_hash::Administrator:<STRONG>admin</STRONG>:changeme@example.com:::18624</P><P>In case of LDAP authentication user -&gt; role mapping is in authentication.conf</P> Tue, 16 Feb 2021 14:58:02 GMT https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540114#M4967 scelikok 2021-02-16T14:58:02Z https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540145#M4969 <P>Thanks for straightening me out,&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/206061">@scelikok</a>&nbsp;.&nbsp; I ran a quick test and the mapping of user to role(s) is indeed in passwd.&nbsp; Authorize.conf maps the roles to capabilities and other settings.</P><P>I'll remove my erroneous answer to avoid confusion.</P> Tue, 16 Feb 2021 18:39:02 GMT https://community.splunk.com/t5/Splunk-Enterprise/User-Mapping/m-p/540145#M4969 richgalloway 2021-02-16T18:39:02Z