I have a team that uses multiple apps in Splunk. They have seperate LDAP groups that are given seperate Splunk roles . In these roles, they have the default app set. Here's a simplified case:
Foo_appset as the default App
Bar_appset as the default App
Is there a way to set the precedence of which app is chosen as the default App? I can't determine what happens when a user is given both of these roles. Is there a way to make it so if they have both then default to what
This thread is pretty old and I'm not sure if necroing is a thing here but I also had this question after an app in our prod environment decide to take control so I did some testing in my dev environment and I found it to be alphabetical.
So in this case Bar_app would be the default for anyone who has both and would need to manually be set in Access controls >> Users if you wanted it to be Foo_app. I'm not aware of any way to override this elsewhere.
yannK [Splunk] spoke about the issue at Set Default App by Role?
He said -
-- it's in defined in the role as "default app" in manager > access controls > Roles > ....
And can be overwritten by the users in their own user preferences.
I do not know who win in case of roles inheritance, or users members of multiple roles.