Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Permissions to change the role of admin users in Splunk Console

splunkceh
Engager
‎07-10-2020 12:48 PM

I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from admin down to power.   The issue is that whenever I attempt to do this  it silently fails.  I click save and all is well but when I refresh the console they are still admin.  

We are authenticating with our AD accounts.   I am able to change the Role capabilities, but when I attempt to downgrade a user from admin to power there is not even an error message with feedback saying what happened to the operation.   

Any ideas?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-10-2020 07:10 PM

@splunkceh 

How did you setup authentication? Since you have mentioned AD account I am assuming LDAP (OR) SAML.

The auth model works by mapping AD groups to a role. You need to remove the mapping between the users AD group and admin role. you can do it by either remove the mapping from UI OR back-end authentication.conf file.

 

authentication.conf
admin = ADGroup1;ADGroup2

 

Lets say if the users are in ADGroup2, then you have to assign a different role the group like below

authentication.conf
admin = ADGroup1
user = ADGroup2

 

UI:
settings -> authentication methods -> LDAP (OR) SAML -> select strategy (if LDAP) -> change mappings

 

If these users are part of the same user group as yours, then either you have to create a new AD group for admin role OR remove the users from this AD Group

 

If this helps, upvote would be appreciated.

 

 

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-10-2020 11:30 PM

Hi @splunkceh ,

to change the role of an user, when using the LDAP authentication, you have to move it in a different AD group outside Splunk.

In Splunk you can only associate a role to an AD Group, not move users from groups or change role to an user.

Ciao.

Giuseppe

Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-10-2020 07:10 PM

@splunkceh 

How did you setup authentication? Since you have mentioned AD account I am assuming LDAP (OR) SAML.

The auth model works by mapping AD groups to a role. You need to remove the mapping between the users AD group and admin role. you can do it by either remove the mapping from UI OR back-end authentication.conf file.

 

authentication.conf
admin = ADGroup1;ADGroup2

 

Lets say if the users are in ADGroup2, then you have to assign a different role the group like below

authentication.conf
admin = ADGroup1
user = ADGroup2

 

UI:
settings -> authentication methods -> LDAP (OR) SAML -> select strategy (if LDAP) -> change mappings

 

If these users are part of the same user group as yours, then either you have to create a new AD group for admin role OR remove the users from this AD Group

 

If this helps, upvote would be appreciated.

 

 

Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...