Re: Issue with assigning users to roles

asingh90 · ‎01-06-2013

Hi all,

I am fairly new to Splunk but i have a little bit of experiance with setting it up and making accounts and roles ect however i have hit a brick wall with this issue.

I recently created a role called basic and assigned a user to that role. As the role mentions the role is very basic and only give the user the capability to search,real time search and change their own password. At the moment the user only has access to the summary index.

Now the issue occurs when i add a user to the basic role.

Once the user is assigned and they try to log in they are unable to access the system,infact all users are unable to access the system. Users once authenticated are asked to check the web_service.log file. Searching through the log file the following errors appear

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_status" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_detail_activity" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_user_activity" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_ui_activity" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "index_status" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "index_status_health" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "indexing_volume" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "splunkd_status" is referenced in the navigation definition for "search".

2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "splunkweb_status" is referenced in the navigation definition for "search".

If i go to \etc\system\local\authorize.conf and remove the role from the file, everything is back to normal, but the user will not have a role mapped to their account.

Any thoughts or help in this space will be much appreciated.
Thanks in advance,

Anu

MarioM · ‎01-07-2013

those views are related to internal index (index=_*) then you need either:

to give them access to internal indexes
remove those views from search app
create a barebones custom app (recommanded)

asingh90 · ‎01-07-2013

Thanks for that advice. The thing i find odd is that, looking at the roles that a shipped out with splunk when installed such as Power or User is that they themselves do not have access to internal indexes but everything seems fine. Eitherway I will give it a go. Thanks for your input!

Issue with assigning users to roles

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation