Security

Multiple Splunk roles with default App set - how is the default App chosen and is there a way to set precedence?

abechank
Engager

I have a team that uses multiple apps in Splunk. They have seperate LDAP groups that are given seperate Splunk roles . In these roles, they have the default app set. Here's a simplified case:

  1. Foo_ad maps to Foo_role with Foo_app set as the default App
  2. Bar_ad maps to Bar_role with Bar_app set as the default App

Is there a way to set the precedence of which app is chosen as the default App? I can't determine what happens when a user is given both of these roles. Is there a way to make it so if they have both then default to what Foo_role says?

nabeel652
Builder

Whichever last you'll set up will get precedence.

0 Karma

JordanPeterson
Path Finder

This thread is pretty old and I'm not sure if necroing is a thing here but I also had this question after an app in our prod environment decide to take control so I did some testing in my dev environment and I found it to be alphabetical.

So in this case Bar_app would be the default for anyone who has both and would need to manually be set in Access controls >> Users if you wanted it to be Foo_app. I'm not aware of any way to override this elsewhere.

0 Karma

ddrillic
Ultra Champion

yannK [Splunk] spoke about the issue at Set Default App by Role?

He said -

-- it's in defined in the role as "default app" in manager > access controls > Roles > ....
And can be overwritten by the users in their own user preferences.
I do not know who win in case of roles inheritance, or users members of multiple roles.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...