Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

clarification with role inheritance needed

damucka
Builder
‎10-21-2020 03:50 AM

Hello,

I am trying to create basic roles for my app, the corresponding authorize.conf looks as follows:

# Indexes that belong to the App
[role_s4_DCM_app_indexes]
srchIndexesAllowed = mlbso; mlbso_changelog
srchIndexesDefault = mlbso; mlbso_changelog

# Role for the users to access logs
[role_s4_DCM_app_user_logs]
importRoles = user, role_s4_DCM_app_indexes

# Role for the users to access all DB connections
[role_s4_DCM_app_user_dbcon]
importRoles = user, db_connect_user

# Role for the users to access both logs and DB
[role_s4_DCM_app_user]
importRoles = role_s4_DCM_app_user_dbcon, role_s4_DCM_app_user_logs

# Power user = user + administering of the db connections
[role_s4_DCM_app_power]
importRoles = role_s4_DCM_app_user, db_connect_admin

# ##################### Start:  DB connections to splecific databases ##################################
# The idea is to grant the access to specific objects then in the local.meta based on the roles

# ... copied for FRUN relevant objects 
[role_s4_DCM_app_user_FRUN]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Mshadow relevant objects 
[role_s4_DCM_app_user_Mshadow]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Pingdom relevant objects 
[role_s4_DCM_app_user_Pingdom]
importRoles = role_s4_DCM_app_user_dbcon

# ##################### End:  DB connections to splecific databases ####################################

 

however, when I check then in the UI interface, there is no inheritance visible for the new s4 roles, which I would expect to be based on the above:

damucka_0-1603276978821.png

What I did then was to manually change the inheritance in the UI for one of the roles (marked green: s4_dcm_app_user), restart and try to figure out which configuration file it would land in ... and nothing.

I used the following linux command:

splunk@ccd01v013355:/opt/splunkdev> grep -rnw '.' -e 'role_s4_DCM_app_user'

and it returned the same entries from the authorize.conf before and after the UI inheritance setting.

So, how would I properly set the inheritance in the configuration files? I need to do this there and not one by one in the UI ...

Kind Regards,

Kamil

Labels (1)
Labels
0 Karma
Reply

damucka
Builder
‎10-23-2020 07:32 AM

the issue got solved ... it was an simple mistake ("," instead of ";" ) in the importRoles.

It was:

importRoles = user, db_connect_user

 

it should be:

importRoles = user; db_connect_user

 

for all the corresponding roles.

Kind Regards,

Kamil

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...