Security

Multiple Splunk roles with default App set - how is the default App chosen and is there a way to set precedence?

abechank
Engager

I have a team that uses multiple apps in Splunk. They have seperate LDAP groups that are given seperate Splunk roles . In these roles, they have the default app set. Here's a simplified case:

  1. Foo_ad maps to Foo_role with Foo_app set as the default App
  2. Bar_ad maps to Bar_role with Bar_app set as the default App

Is there a way to set the precedence of which app is chosen as the default App? I can't determine what happens when a user is given both of these roles. Is there a way to make it so if they have both then default to what Foo_role says?

nabeel652
Builder

Whichever last you'll set up will get precedence.

0 Karma

JordanPeterson
Path Finder

This thread is pretty old and I'm not sure if necroing is a thing here but I also had this question after an app in our prod environment decide to take control so I did some testing in my dev environment and I found it to be alphabetical.

So in this case Bar_app would be the default for anyone who has both and would need to manually be set in Access controls >> Users if you wanted it to be Foo_app. I'm not aware of any way to override this elsewhere.

0 Karma

ddrillic
Ultra Champion

yannK [Splunk] spoke about the issue at Set Default App by Role?

He said -

-- it's in defined in the role as "default app" in manager > access controls > Roles > ....
And can be overwritten by the users in their own user preferences.
I do not know who win in case of roles inheritance, or users members of multiple roles.

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...