Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- Re: How are permissions inherited by roles?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The splunk documentation describes how users inherit role properties
(allowed indexes are combined, as well as capabilities thus more roles can only relax the restrictions, but search filters work the other way around, so that combining roles makes it only more restrictive)
I was wondering how permissions are inherited by roles. So for example if I set a read permission for a lookup table to a sales_dashboard role and then let the sales_manager role inherit from sales_dashboard, would a user with sales_manager but not sales_dashboard be able to view that lookup?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I read your question correctly,
"... then let the sales_manager role inherit from sales_dashboard..."
means that there is no such thing as
"... a user with sales_manager but not sales_dashboard ..."
So a person who only has the sales_manager role directly, but does not directly have the sales_dashboard role, should still be able to view the dashboard by that inherited right, unless you took that part away from the sales_manager role.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I read your question correctly,
"... then let the sales_manager role inherit from sales_dashboard..."
means that there is no such thing as
"... a user with sales_manager but not sales_dashboard ..."
So a person who only has the sales_manager role directly, but does not directly have the sales_dashboard role, should still be able to view the dashboard by that inherited right, unless you took that part away from the sales_manager role.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, that's exactly what I meant, thanks for clearing that up.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm guessing your last statement is either incomplete or truncated. IMO, users in both sales_manager and sales_dashboard role should be able to see the lookup.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
