Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Permissions to change the role of admin users in Splunk Console

splunkceh
Engager
‎07-10-2020 12:48 PM

I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from admin down to power.   The issue is that whenever I attempt to do this  it silently fails.  I click save and all is well but when I refresh the console they are still admin.  

We are authenticating with our AD accounts.   I am able to change the Role capabilities, but when I attempt to downgrade a user from admin to power there is not even an error message with feedback saying what happened to the operation.   

Any ideas?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-10-2020 07:10 PM

@splunkceh 

How did you setup authentication? Since you have mentioned AD account I am assuming LDAP (OR) SAML.

The auth model works by mapping AD groups to a role. You need to remove the mapping between the users AD group and admin role. you can do it by either remove the mapping from UI OR back-end authentication.conf file.

 

authentication.conf
admin = ADGroup1;ADGroup2

 

Lets say if the users are in ADGroup2, then you have to assign a different role the group like below

authentication.conf
admin = ADGroup1
user = ADGroup2

 

UI:
settings -> authentication methods -> LDAP (OR) SAML -> select strategy (if LDAP) -> change mappings

 

If these users are part of the same user group as yours, then either you have to create a new AD group for admin role OR remove the users from this AD Group

 

If this helps, upvote would be appreciated.

 

 

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-10-2020 11:30 PM

Hi @splunkceh ,

to change the role of an user, when using the LDAP authentication, you have to move it in a different AD group outside Splunk.

In Splunk you can only associate a role to an AD Group, not move users from groups or change role to an user.

Ciao.

Giuseppe

Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-10-2020 07:10 PM

@splunkceh 

How did you setup authentication? Since you have mentioned AD account I am assuming LDAP (OR) SAML.

The auth model works by mapping AD groups to a role. You need to remove the mapping between the users AD group and admin role. you can do it by either remove the mapping from UI OR back-end authentication.conf file.

 

authentication.conf
admin = ADGroup1;ADGroup2

 

Lets say if the users are in ADGroup2, then you have to assign a different role the group like below

authentication.conf
admin = ADGroup1
user = ADGroup2

 

UI:
settings -> authentication methods -> LDAP (OR) SAML -> select strategy (if LDAP) -> change mappings

 

If these users are part of the same user group as yours, then either you have to create a new AD group for admin role OR remove the users from this AD Group

 

If this helps, upvote would be appreciated.

 

 

Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top