Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the best way to see all the role permissions assigned to each index?

rbrisseyii
Explorer
‎11-06-2018 07:19 AM

I would like to see what role has access to each index without clicking through each role. Is there a search that can do this for me, or some other way to see all the roles assigned to each index?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎11-06-2018 02:29 PM

I've added these to my app Alerts for SplunkAdmins:
SearchHeadLevel - Role access list by user
SearchHeadLevel - Index access list by user

Or github if you want just the searches

The only tweak to the accepted answer you might want to do is:

| rest /services/authorization/roles splunk_server="local" 
| table title, srchIndexesAllowed, srchIndexesDefault, imported_srchIndexesAllowed, imported_srchIndexesDefault
| rename title as roles
-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

View solution in original post

Reply
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎11-06-2018 02:29 PM

I've added these to my app Alerts for SplunkAdmins:
SearchHeadLevel - Role access list by user
SearchHeadLevel - Index access list by user

Or github if you want just the searches

The only tweak to the accepted answer you might want to do is:

| rest /services/authorization/roles splunk_server="local" 
| table title, srchIndexesAllowed, srchIndexesDefault, imported_srchIndexesAllowed, imported_srchIndexesDefault
| rename title as roles
-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
Reply
Solved! Jump to solution

sudosplunk
Motivator
‎11-06-2018 08:49 AM

Give this a try,

| rest /services/authorization/roles | table title srchIndexesAllowed

Use this if you're using search head clustering,

| rest /services/authorization/roles splunk_server=SHC_Captain | table title srchIndexesAllowed
Reply
Solved! Jump to solution

rbrisseyii
Explorer
‎11-06-2018 09:07 AM

Thanks, that worked great!

0 Karma
Reply
Solved! Jump to solution

sudosplunk
Motivator
‎11-06-2018 09:30 AM

Glad it worked for you. Can you accept the answer to close this thread. Thx!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...