Where to grant access in access control? Give me steps.
Please give me detailed steps on how to give Splunk access with roles.
There are multiple ways you can authenticate users to Splunk.
Below are the steps for LDAP authentication with an Active Directory based configuration. For more details, check the links below:
http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authenticationconf#authentication.conf.examp...
http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authorizeconf#authorize.conf.example
$SPLUNK_HOME/etc/system/local/authentication.conf
[authentication]
authSettings = AD
authType = LDAP
[AD]
SSLEnabled = 1
bindDN = ldap_bind@splunksupport.kom
bindDNpassword = ldap_bind_user_password
groupBaseDN = CN=Groups,DC=splunksupport,DC=kom
groupBaseFilter =
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ADbogus.splunksupport.kom
port = 636
realNameAttribute = cn
userBaseDN = CN=Users,DC=splunksupport,DC=kom
userBaseFilter =
userNameAttribute = sAMAccountName
timelimit = 15
network_timeout = 20
anonymous_referrals = 0
[roleMap_AD]
admin = SplunkAdmins
power = SplunkPowerUsers
user = SplunkUsers
# AD group name(s), separated by semicolons
new_user = adgroupnewuser;adgroupnewuser1
$SPLUNK_HOME/etc/system/local/authorize.conf
[role_new_user]
rtsearch = enabled
importRoles = user
srchFilter = host=foo
srchIndexesAllowed = *
srchIndexesDefault = mail;main
srchJobsQuota = 8
rtSrchJobsQuota = 8
srchDiskQuota = 500
I hope this helps
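An added example, not part of the original answer and not Splunk tooling: a small Python audit of an authentication.conf / authorize.conf pair like the one above. It flags an LDAP strategy without SSL, a `#` inside a roleMap value (Splunk .conf files only treat `#` as a comment at the start of a line), a mapped role with no role stanza, and wildcard index access. The `analyst` role, the `SplunkAnalysts` group and the built-in role set are assumptions made for the sample.

```python
BUILTIN_ROLES = {"admin", "power", "user", "can_delete"}  # assumed default Splunk roles

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}; '#' is a comment only at line start."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")  # split on the first '=' only
            current[key.strip()] = value.strip()
    return stanzas

def audit(authentication_text, authorize_text):
    authn, authz = parse_conf(authentication_text), parse_conf(authorize_text)
    findings = []
    strategies = authn.get("authentication", {}).get("authSettings", "")
    for strategy in filter(None, (s.strip() for s in strategies.split(","))):
        if authn.get(strategy, {}).get("SSLEnabled") != "1":
            findings.append(f"{strategy}: LDAP connection is not using SSL")
        for role, groups in authn.get(f"roleMap_{strategy}", {}).items():
            if "#" in groups:
                findings.append(f"{role}: '#' in group list is read as part of the value")
            if role not in BUILTIN_ROLES and f"role_{role}" not in authz:
                findings.append(f"{role}: mapped to a group but has no [role_{role}] stanza")
    for stanza, settings in authz.items():
        if stanza.startswith("role_") and "*" in settings.get("srchIndexesAllowed", ""):
            findings.append(f"{stanza}: srchIndexesAllowed contains a wildcard")
    return findings

# Constructed sample input, modelled on the configuration in the answer.
SAMPLE_AUTHN = """[authentication]
authSettings = AD
[AD]
SSLEnabled = 1
[roleMap_AD]
admin = SplunkAdmins
new_user = adgroupnewuser;adgroupnewuser1 ### AD group name
analyst = SplunkAnalysts"""
SAMPLE_AUTHZ = """[role_new_user]
srchFilter = host=foo
srchIndexesAllowed = *"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_AUTHN, SAMPLE_AUTHZ):
        print(finding)
```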
Plenty of documentation. Feel free to ask additional questions on any specific issues you get stuck with. https://docs.splunk.com/Documentation/Splunk/latest/Security/UseaccesscontroltosecureSplunkdata