Knowledge Management

Some of my users under LDAP are not displayed from the UI, however, all the missed users are still functioning

daniel_splunk
Splunk Employee
Splunk Employee

Some of my users under LDAP are not displayed from the UI, however, all the missed users are still functioning. The behaviour is the same even of I use the admin account to login.

Here is the etc/system/local/authorize.conf

 

 

 

[role_admin]
accelerate_search = enabled
change_own_password = enabled
delete_by_keyword = disabled
edit_search_schedule_window = enabled
edit_sourcetypes = enabled
edit_statsd_transforms = enabled
embed_report = enabled
export_results_is_visible = enabled
get_metadata = enabled
get_typeahead = enabled
grantableRoles = admin
importRoles =
input_file = enabled
list_inputs = enabled
list_metrics_catalog = enabled
output_file = enabled
pattern_detect = enabled
request_pstacks = enabled
request_remote_tok = enabled
rest_apps_view = enabled
rest_properties_get = enabled
rest_properties_set = enabled
rtsearch = enabled
run_multi_phased_searches = enabled
schedule_search = enabled
search = enabled
srchIndexesDefault = *;_*
srchMaxTime = 8640000
upload_lookup_files = enabled

 

 

 

 

Labels (1)
Tags (1)
0 Karma
1 Solution

daniel_splunk
Splunk Employee
Splunk Employee

From your authorize.conf, you have below grantableRoles set which will prevent users other than the one have 'admin' role to be displayed.

grantableRoles = admin

 

To fix this, you can just comment out the "grantableRoles = admin" and it will fix the issue and all user will be able to see from the UI.

 

View solution in original post

0 Karma

daniel_splunk
Splunk Employee
Splunk Employee

From your authorize.conf, you have below grantableRoles set which will prevent users other than the one have 'admin' role to be displayed.

grantableRoles = admin

 

To fix this, you can just comment out the "grantableRoles = admin" and it will fix the issue and all user will be able to see from the UI.

 

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...