Security

Can I reduce my common user role configuration stanzas?

paimonsoror
Builder

I was wondering if there was a clean way that I could reduce my stanzas in authorize.conf? I was hoping that similar to indexes.conf I could really do some cleanup work by taking something like this:

[role_infomgmtprd_user]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = user
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_infomgmtprd_power]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = power
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_owa_power]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = power
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_owa_user]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = user
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

and turning it into something like this:

[role_user]
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_power]
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_infomgmtprd_user]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = user

[role_infomgmtprd_power]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = power

[role_owa_power]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = power

[role_owa_user]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = user

But that didn't seem to work.

0 Karma
1 Solution

harsmarvania57
Ultra Champion

Hi @paimonsoror,

I'll suggest to create 2 new roles similar as user and power role and modify those roles based on your requirement and import those roles in other roles. I am running same kind of configuration and it is working perfectly fine.

Thanks,
Harshil

View solution in original post

0 Karma

harsmarvania57
Ultra Champion

Hi @paimonsoror,

I'll suggest to create 2 new roles similar as user and power role and modify those roles based on your requirement and import those roles in other roles. I am running same kind of configuration and it is working perfectly fine.

Thanks,
Harshil

0 Karma

DalJeanis
Legend

@paimonsoror - we've converted the comment that worked for you into an answer, so you can "accept" it and close the ticket.

0 Karma

paimonsoror
Builder

Fantastic thank you!

0 Karma

paimonsoror
Builder

This was perfect! Thanks. Slight thing i had to do was also add a 'default' stanza for the scheduled_rtsearch stuff (https://answers.splunk.com/answers/244087/how-to-disable-the-schedule-rtsearch-capability.html) and im good to go 🙂

0 Karma

paimonsoror
Builder

Oh thats a great idea! Let me test that out now .

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...