Security

Admin cannot change users' roles

bauron
Explorer

Under Splunk>Manager>>Access controls>>Users, I cannot assign/remove roles from the "Available roles" and "Selected roles" lists; all of the roles in both sections are greyed out and do not respond to clicks. The users are mapped to Splunk via LDAP and I've remapped groups multiple times.

I have repeatedly verified I am an admin user.


somesoni2
Revered Legend

When you have configured authentication using LDAP, you can't modify a user from Manager » Access controls » Users (role association). You would have to update the role association for the LDAP group (instead of the user within the group) using LDAP strategies. See the documentation below for steps:

http://docs.splunk.com/Documentation/Splunk/latest/Security/MapLDAPgroupstoSplunkroles

Another option is updating the authentication.conf file.
http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureLDAPwithconfigurationfiles

nick405060
Motivator

Had the same problem except nothing was greyed out, but instead whenever I removed a role from an LDAP user it would just revert back to having that role. Ended up deleting the role from the [rolemap_mycompany] stanza in authentication.conf in system/local and rebooted (not sure if needed) and that worked.

0 Karma
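An added example, not part of any post in this thread and not Splunk's own code: a small audit script that reads the role-map stanza of authentication.conf and shows which roles a user receives from LDAP group membership, and which group mappings would have to change for a role to go away. It assumes the `role = group1;group2` layout of that stanza; the sample file contents, group names, and function names are constructed for illustration.

```python
import configparser

# Constructed sample; the strategy name "mycompany" follows the stanza quoted
# in the thread, the LDAP group names are made up.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = mycompany

[roleMap_mycompany]
admin = Splunk-Admins
power = Splunk-Power;Splunk-Admins
user = Domain-Users
"""

def load_role_map(conf_text, strategy):
    """Return {role: set(groups)} from the role-map stanza of one LDAP strategy."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep role names exactly as written
    parser.read_string(conf_text)
    wanted = ("rolemap_" + strategy).lower()
    for section in parser.sections():
        if section.lower() == wanted:  # tolerate roleMap_/rolemap_ spelling
            return {role: {g.strip() for g in groups.split(";") if g.strip()}
                    for role, groups in parser.items(section)}
    return {}

def effective_roles(role_map, user_groups):
    """Roles a user ends up with, derived only from LDAP group membership."""
    groups = set(user_groups)  # group names compared as written
    return sorted(r for r, mapped in role_map.items() if mapped & groups)

def groups_granting(role_map, role, user_groups):
    """Mapped groups that give this user `role`; the role persists while any remain."""
    return sorted(role_map.get(role, set()) & set(user_groups))

if __name__ == "__main__":
    role_map = load_role_map(SAMPLE_CONF, "mycompany")
    member_of = ["Domain-Users", "Splunk-Admins"]
    for role in effective_roles(role_map, member_of):
        print(role, "<-", ", ".join(groups_granting(role_map, role, member_of)))
```
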

OldManEd
Builder

Does anyone have an answer for this one? I'm having the same issue with LDAP.

0 Karma

LukeMurphey
Champion

I'm not very familiar with using LDAP authentication in Splunk but I am familiar with using scripted authentication which is similar. With scripted authentication, the roles are expected to be provided by the authentication script and thus the roles editor is disabled in the manager. I suspect this is the same issue you are seeing here.

I opened an enhancement request asking for the ability to override the automatically defined roles. You may want to do the same.

0 Karma