Security

Can I reduce my common user role configuration stanzas?

Builder

I was wondering if there was a clean way that I could reduce my stanzas in authorize.conf? I was hoping that similar to indexes.conf I could really do some cleanup work by taking something like this:

[role_infomgmtprd_user]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = user
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_infomgmtprd_power]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = power
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_owa_power]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = power
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_owa_user]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = user
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

and turning it into something like this:

[role_user]
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_power]
srchJobsQuota = 5
cumulativeSrchJobsQuota = 10
rtsearch = disabled
schedule_rtsearch = disabled

[role_infomgmtprd_user]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = user

[role_infomgmtprd_power]
srchIndexesAllowed = app_infomgmtprd
srchIndexesDefault = app_infomgmtprd
importRoles = power

[role_owa_power]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = power

[role_owa_user]
srchIndexesAllowed = app_owa
srchIndexesDefault = app_owa
importRoles = user

But that didn't seem to work.

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Hi @paimonsoror,

I'll suggest to create 2 new roles similar as user and power role and modify those roles based on your requirement and import those roles in other roles. I am running same kind of configuration and it is working perfectly fine.

Thanks,
Harshil

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Hi @paimonsoror,

I'll suggest to create 2 new roles similar as user and power role and modify those roles based on your requirement and import those roles in other roles. I am running same kind of configuration and it is working perfectly fine.

Thanks,
Harshil

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

@paimonsoror - we've converted the comment that worked for you into an answer, so you can "accept" it and close the ticket.

0 Karma

Builder

Fantastic thank you!

0 Karma

Builder

This was perfect! Thanks. Slight thing i had to do was also add a 'default' stanza for the scheduled_rtsearch stuff (https://answers.splunk.com/answers/244087/how-to-disable-the-schedule-rtsearch-capability.html) and im good to go 🙂

0 Karma

Builder

Oh thats a great idea! Let me test that out now .

0 Karma