Security

How can I make sure a role setting takes precedence over other role settings?

Influencer

I have a user that belongs to a few roles that use LDAP for auth. These roles have srchMaxTime set to 600. I need to cap the user at 300 seconds for srchMaxTime. I have set-up 2 roles named aaa_search_abuser and zzz_search_abuser with this setting, and assigned the user to those roles (in addition the the other roles he belongs to). However, the user still shows with a 600 srchMaxTime. It seems like the role engine is choosing the highest value, not any sort of order-based process.

How can I make sure a role setting takes precedence over other role settings?

thanks

0 Karma

SplunkTrust
SplunkTrust

According to authorize.conf.spec srchMaxTime inherits the maximum from the other roles.

http://docs.splunk.com/Documentation/Splunk/6.5.1/admin/Authorizeconf

Looks like you need a role specifically for this user.

0 Karma

Ultra Champion
0 Karma