Splunk multi-roles

New Member


I have two roles:

Role A: Restriction to status=500
Role B: Restriction to status=440

User ABC need to have only access to this two status (500 and 440) and User QAZ to status 500.

I added role B to User QAZ and it's working and Role A and B to User ABC.

For User QAZ it's working but for user ABC it's not working.
User QAZ only see status 500 but User ABC see everything.

So one restriction for user is working but not two.

I can't do this in one Role status 500 and 400. I need to have two Roles.

Tags (2)
0 Karma


Can you create Role C: Restriction to (status=500) OR (status=440) ?

If this reply helps you, an upvote would be appreciated.
0 Karma