Security
Highlighted

How are permissions inherited by roles?

Path Finder

The splunk documentation describes how users inherit role properties
(allowed indexes are combined, as well as capabilities thus more roles can only relax the restrictions, but search filters work the other way around, so that combining roles makes it only more restrictive)

I was wondering how permissions are inherited by roles. So for example if I set a read permission for a lookup table to a salesdashboard role and then let the salesmanager role inherit from salesdashboard, would a user with salesmanager but not sales_dashboard be able to view that lookup?

0 Karma
Highlighted

Re: How are permissions inherited by roles?

SplunkTrust
SplunkTrust

I'm guessing your last statement is either incomplete or truncated. IMO, users in both salesmanager and salesdashboard role should be able to see the lookup.

0 Karma
Highlighted

Re: How are permissions inherited by roles?

SplunkTrust
SplunkTrust

If I read your question correctly,

"... then let the salesmanager role inherit from salesdashboard..."

means that there is no such thing as

"... a user with salesmanager but not salesdashboard ..."

So a person who only has the salesmanager role directly, but does not directly have the salesdashboard role, should still be able to view the dashboard by that inherited right, unless you took that part away from the sales_manager role.

View solution in original post

0 Karma
Highlighted

Re: How are permissions inherited by roles?

Path Finder

Yes, that's exactly what I meant, thanks for clearing that up.