Security

Can I reduce my common user role configuration stanzas?

paimonsoror
Builder

I was wondering if there was a clean way that I could reduce my stanzas in authorize.conf? I was hoping that similar to indexes.conf I could really do some cleanup work by taking something like this:

[role_infomgmtprd_user]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = user
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_infomgmtprd_power]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = power
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_owa_power]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = power
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_owa_user]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = user
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

and turning it into something like this:

[role_user]
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_power]
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_infomgmtprd_user]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = user

[role_infomgmtprd_power]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = power

[role_owa_power]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = power

[role_owa_user]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = user

But that didn't seem to work.

0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Hi @paimonsoror,

I'll suggest to create 2 new roles similar as user and power role and modify those roles based on your requirement and import those roles in other roles. I am running same kind of configuration and it is working perfectly fine.

Thanks,
Harshil

View solution in original post

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi @paimonsoror,

I'll suggest to create 2 new roles similar as user and power role and modify those roles based on your requirement and import those roles in other roles. I am running same kind of configuration and it is working perfectly fine.

Thanks,
Harshil

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

@paimonsoror - we've converted the comment that worked for you into an answer, so you can "accept" it and close the ticket.

0 Karma

paimonsoror
Builder

Fantastic thank you!

0 Karma

paimonsoror
Builder

This was perfect! Thanks. Slight thing i had to do was also add a 'default' stanza for the scheduled_rtsearch stuff (https://answers.splunk.com/answers/244087/how-to-disable-the-schedule-rtsearch-capability.html) and im good to go 🙂

0 Karma

paimonsoror
Builder

Oh thats a great idea! Let me test that out now .

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...