Security

Why are my role-based search filters are not being applied?

Path Finder

I created a role to manage data access for users in a certain LDAP group called role-user.
This role has a search filter:
I then created a new user account called, role-user-test, in order to verify that this role works correctly.
I made sure that the search filter had been applied is visible to the user by doing the search specified here.

+----------------+--------+-------------------------------+ 
| title          | roles        | search filter           |
+----------------+--------+-------------------------------+ 
| role-user-test |role-user; user | "| search Location=SAX_*" |
+----------------+--------+-------------------------------+ 

However, when I logged in as that user and tried searches, it doesn't seem to be applying the search filter to the user's query at all!
The results I see in searches, reports and dashboards still contain results that should have been filtered out.
I also tried specifying the search filter different ways, e.g. "Location=SAX_"
Are there other configurations for using search filters that I could be missing?

Thanks.

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Can you just try putting in only the search terms ie

Location="SAX_*"

Once you run the search check the job inspector to see what's the final search Splunk executed (normalizedSearch OR remoteSearch)

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Can you just try putting in only the search terms ie

Location="SAX_*"

Once you run the search check the job inspector to see what's the final search Splunk executed (normalizedSearch OR remoteSearch)

View solution in original post

0 Karma