Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

clarification with role inheritance needed

damucka
Builder
‎10-21-2020 03:50 AM

Hello,

I am trying to create basic roles for my app, the corresponding authorize.conf looks as follows:

# Indexes that belong to the App
[role_s4_DCM_app_indexes]
srchIndexesAllowed = mlbso; mlbso_changelog
srchIndexesDefault = mlbso; mlbso_changelog

# Role for the users to access logs
[role_s4_DCM_app_user_logs]
importRoles = user, role_s4_DCM_app_indexes

# Role for the users to access all DB connections
[role_s4_DCM_app_user_dbcon]
importRoles = user, db_connect_user

# Role for the users to access both logs and DB
[role_s4_DCM_app_user]
importRoles = role_s4_DCM_app_user_dbcon, role_s4_DCM_app_user_logs

# Power user = user + administering of the db connections
[role_s4_DCM_app_power]
importRoles = role_s4_DCM_app_user, db_connect_admin

# ##################### Start:  DB connections to splecific databases ##################################
# The idea is to grant the access to specific objects then in the local.meta based on the roles

# ... copied for FRUN relevant objects 
[role_s4_DCM_app_user_FRUN]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Mshadow relevant objects 
[role_s4_DCM_app_user_Mshadow]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Pingdom relevant objects 
[role_s4_DCM_app_user_Pingdom]
importRoles = role_s4_DCM_app_user_dbcon

# ##################### End:  DB connections to splecific databases ####################################

 

however, when I check then in the UI interface, there is no inheritance visible for the new s4 roles, which I would expect to be based on the above:

damucka_0-1603276978821.png

What I did then was to manually change the inheritance in the UI for one of the roles (marked green: s4_dcm_app_user), restart and try to figure out which configuration file it would land in ... and nothing.

I used the following linux command:

splunk@ccd01v013355:/opt/splunkdev> grep -rnw '.' -e 'role_s4_DCM_app_user'

and it returned the same entries from the authorize.conf before and after the UI inheritance setting.

So, how would I properly set the inheritance in the configuration files? I need to do this there and not one by one in the UI ...

Kind Regards,

Kamil

Labels (1)
Labels
0 Karma
Reply

damucka
Builder
‎10-23-2020 07:32 AM

the issue got solved ... it was an simple mistake ("," instead of ";" ) in the importRoles.

It was:

importRoles = user, db_connect_user

 

it should be:

importRoles = user; db_connect_user

 

for all the corresponding roles.

Kind Regards,

Kamil

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...