Deployment Architecture

Role based Index restriction

anirudhk
Explorer

Hi There,

I am having a Distributed Splunk setup with a Search Head and 2 Indexers. I have few roles setup(Integrated to AD) with in the system with a role associated with a particular Index (srchIndexesAllowed = "" and srchIndexesDefault = ""). But this doesn't actually restrict users from accessing other index if explicitly provided.

I would need this to be implemented in my Environment to have complete control. How can I achieve this.

Regards
Anirudh

Tags (1)
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Make sure your roles aren't inheriting more lenient permissions from parent roles.

0 Karma

anirudhk
Explorer

srchIndexesAllowed should Ideally have taken care of it. It the user being part of multiple group that caused this behaviour.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...