Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

clarification with role inheritance needed

damucka
Builder
‎10-21-2020 03:50 AM

Hello,

I am trying to create basic roles for my app, the corresponding authorize.conf looks as follows:

# Indexes that belong to the App
[role_s4_DCM_app_indexes]
srchIndexesAllowed = mlbso; mlbso_changelog
srchIndexesDefault = mlbso; mlbso_changelog

# Role for the users to access logs
[role_s4_DCM_app_user_logs]
importRoles = user, role_s4_DCM_app_indexes

# Role for the users to access all DB connections
[role_s4_DCM_app_user_dbcon]
importRoles = user, db_connect_user

# Role for the users to access both logs and DB
[role_s4_DCM_app_user]
importRoles = role_s4_DCM_app_user_dbcon, role_s4_DCM_app_user_logs

# Power user = user + administering of the db connections
[role_s4_DCM_app_power]
importRoles = role_s4_DCM_app_user, db_connect_admin

# ##################### Start:  DB connections to splecific databases ##################################
# The idea is to grant the access to specific objects then in the local.meta based on the roles

# ... copied for FRUN relevant objects 
[role_s4_DCM_app_user_FRUN]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Mshadow relevant objects 
[role_s4_DCM_app_user_Mshadow]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Pingdom relevant objects 
[role_s4_DCM_app_user_Pingdom]
importRoles = role_s4_DCM_app_user_dbcon

# ##################### End:  DB connections to splecific databases ####################################

 

however, when I check then in the UI interface, there is no inheritance visible for the new s4 roles, which I would expect to be based on the above:

damucka_0-1603276978821.png

What I did then was to manually change the inheritance in the UI for one of the roles (marked green: s4_dcm_app_user), restart and try to figure out which configuration file it would land in ... and nothing.

I used the following linux command:

splunk@ccd01v013355:/opt/splunkdev> grep -rnw '.' -e 'role_s4_DCM_app_user'

and it returned the same entries from the authorize.conf before and after the UI inheritance setting.

So, how would I properly set the inheritance in the configuration files? I need to do this there and not one by one in the UI ...

Kind Regards,

Kamil

Labels (1)
Labels
0 Karma
Reply

damucka
Builder
‎10-23-2020 07:32 AM

the issue got solved ... it was an simple mistake ("," instead of ";" ) in the importRoles.

It was:

importRoles = user, db_connect_user

 

it should be:

importRoles = user; db_connect_user

 

for all the corresponding roles.

Kind Regards,

Kamil

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...