Multiple Splunk roles with default App set - how i...

abechank · ‎06-13-2017

I have a team that uses multiple apps in Splunk. They have seperate LDAP groups that are given seperate Splunk roles . In these roles, they have the default app set. Here's a simplified case:

Foo_ad maps to Foo_role with Foo_app set as the default App
Bar_ad maps to Bar_role with Bar_app set as the default App

Is there a way to set the precedence of which app is chosen as the default App? I can't determine what happens when a user is given both of these roles. Is there a way to make it so if they have both then default to what Foo_role says?

nabeel652 · ‎01-24-2018

Whichever last you'll set up will get precedence.

JordanPeterson · ‎01-24-2018

This thread is pretty old and I'm not sure if necroing is a thing here but I also had this question after an app in our prod environment decide to take control so I did some testing in my dev environment and I found it to be alphabetical.

So in this case Bar_app would be the default for anyone who has both and would need to manually be set in Access controls >> Users if you wanted it to be Foo_app. I'm not aware of any way to override this elsewhere.

ddrillic · ‎06-13-2017

yannK [Splunk] spoke about the issue at Set Default App by Role?

He said -

-- it's in defined in the role as "default app" in manager > access controls > Roles > ....
And can be overwritten by the users in their own user preferences.
I do not know who win in case of roles inheritance, or users members of multiple roles.

Multiple Splunk roles with default App set - how is the default App chosen and is there a way to set precedence?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!