Splunk Enterprise

clarification with role inheritance needed

damucka
Builder

Hello,

I am trying to create basic roles for my app, the corresponding authorize.conf looks as follows:

# Indexes that belong to the App
[role_s4_DCM_app_indexes]
srchIndexesAllowed = mlbso; mlbso_changelog
srchIndexesDefault = mlbso; mlbso_changelog

# Role for the users to access logs
[role_s4_DCM_app_user_logs]
importRoles = user, role_s4_DCM_app_indexes

# Role for the users to access all DB connections
[role_s4_DCM_app_user_dbcon]
importRoles = user, db_connect_user

# Role for the users to access both logs and DB
[role_s4_DCM_app_user]
importRoles = role_s4_DCM_app_user_dbcon, role_s4_DCM_app_user_logs

# Power user = user + administering of the db connections
[role_s4_DCM_app_power]
importRoles = role_s4_DCM_app_user, db_connect_admin

# ##################### Start:  DB connections to splecific databases ##################################
# The idea is to grant the access to specific objects then in the local.meta based on the roles

# ... copied for FRUN relevant objects 
[role_s4_DCM_app_user_FRUN]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Mshadow relevant objects 
[role_s4_DCM_app_user_Mshadow]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Pingdom relevant objects 
[role_s4_DCM_app_user_Pingdom]
importRoles = role_s4_DCM_app_user_dbcon

# ##################### End:  DB connections to splecific databases ####################################

 

however, when I check then in the UI interface, there is no inheritance visible for the new s4 roles, which I would expect to be based on the above:

damucka_0-1603276978821.png

What I did then was to manually change the inheritance in the UI for one of the roles (marked green: s4_dcm_app_user), restart and try to figure out which configuration file it would land in ... and nothing.

I used the following linux command:

splunk@ccd01v013355:/opt/splunkdev> grep -rnw '.' -e 'role_s4_DCM_app_user'

and it returned the same entries from the authorize.conf before and after the UI inheritance setting.

So, how would I properly set the inheritance in the configuration files? I need to do this there and not one by one in the UI ...

Kind Regards,

Kamil

Labels (1)
0 Karma

damucka
Builder

the issue got solved ... it was an simple mistake ("," instead of ";" ) in the importRoles.

It was:

importRoles = user, db_connect_user

 

it should be:

importRoles = user; db_connect_user

 

for all the corresponding roles.

Kind Regards,

Kamil

0 Karma
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...