The splunk documentation describes how users inherit role properties
(allowed indexes are combined, as well as capabilities thus more roles can only relax the restrictions, but search filters work the other way around, so that combining roles makes it only more restrictive)
I was wondering how permissions are inherited by roles. So for example if I set a read permission for a lookup table to a sales_dashboard role and then let the sales_manager role inherit from sales_dashboard, would a user with sales_manager but not sales_dashboard be able to view that lookup?
If I read your question correctly,
"... then let the sales_manager role inherit from sales_dashboard..."
means that there is no such thing as
"... a user with sales_manager but not sales_dashboard ..."
So a person who only has the sales_manager role directly, but does not directly have the sales_dashboard role, should still be able to view the dashboard by that inherited right, unless you took that part away from the sales_manager role.
If I read your question correctly,
"... then let the sales_manager role inherit from sales_dashboard..."
means that there is no such thing as
"... a user with sales_manager but not sales_dashboard ..."
So a person who only has the sales_manager role directly, but does not directly have the sales_dashboard role, should still be able to view the dashboard by that inherited right, unless you took that part away from the sales_manager role.
Yes, that's exactly what I meant, thanks for clearing that up.
I'm guessing your last statement is either incomplete or truncated. IMO, users in both sales_manager and sales_dashboard role should be able to see the lookup.