- Community
- :
- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Permissions to change the role of admin users in S...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from admin down to power. The issue is that whenever I attempt to do this it silently fails. I click save and all is well but when I refresh the console they are still admin.
We are authenticating with our AD accounts. I am able to change the Role capabilities, but when I attempt to downgrade a user from admin to power there is not even an error message with feedback saying what happened to the operation.
Any ideas?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How did you setup authentication? Since you have mentioned AD account I am assuming LDAP (OR) SAML.
The auth model works by mapping AD groups to a role. You need to remove the mapping between the users AD group and admin role. you can do it by either remove the mapping from UI OR back-end authentication.conf file.
authentication.conf
admin = ADGroup1;ADGroup2
Lets say if the users are in ADGroup2, then you have to assign a different role the group like below
authentication.conf
admin = ADGroup1
user = ADGroup2
UI:
settings -> authentication methods -> LDAP (OR) SAML -> select strategy (if LDAP) -> change mappings
If these users are part of the same user group as yours, then either you have to create a new AD group for admin role OR remove the users from this AD Group
If this helps, upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @splunkceh ,
to change the role of an user, when using the LDAP authentication, you have to move it in a different AD group outside Splunk.
In Splunk you can only associate a role to an AD Group, not move users from groups or change role to an user.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How did you setup authentication? Since you have mentioned AD account I am assuming LDAP (OR) SAML.
The auth model works by mapping AD groups to a role. You need to remove the mapping between the users AD group and admin role. you can do it by either remove the mapping from UI OR back-end authentication.conf file.
authentication.conf
admin = ADGroup1;ADGroup2
Lets say if the users are in ADGroup2, then you have to assign a different role the group like below
authentication.conf
admin = ADGroup1
user = ADGroup2
UI:
settings -> authentication methods -> LDAP (OR) SAML -> select strategy (if LDAP) -> change mappings
If these users are part of the same user group as yours, then either you have to create a new AD group for admin role OR remove the users from this AD Group
If this helps, upvote would be appreciated.
Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!
Introducing Edge Processor: Next Gen Data Transformation
Take the 2021 Splunk Career Survey for $50 in Amazon Cash
