Splunk Enterprise

clarification with role inheritance needed

damucka
Builder

Hello,

I am trying to create basic roles for my app, the corresponding authorize.conf looks as follows:

# Indexes that belong to the App
[role_s4_DCM_app_indexes]
srchIndexesAllowed = mlbso; mlbso_changelog
srchIndexesDefault = mlbso; mlbso_changelog

# Role for the users to access logs
[role_s4_DCM_app_user_logs]
importRoles = user, role_s4_DCM_app_indexes

# Role for the users to access all DB connections
[role_s4_DCM_app_user_dbcon]
importRoles = user, db_connect_user

# Role for the users to access both logs and DB
[role_s4_DCM_app_user]
importRoles = role_s4_DCM_app_user_dbcon, role_s4_DCM_app_user_logs

# Power user = user + administering of the db connections
[role_s4_DCM_app_power]
importRoles = role_s4_DCM_app_user, db_connect_admin

# ##################### Start:  DB connections to splecific databases ##################################
# The idea is to grant the access to specific objects then in the local.meta based on the roles

# ... copied for FRUN relevant objects 
[role_s4_DCM_app_user_FRUN]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Mshadow relevant objects 
[role_s4_DCM_app_user_Mshadow]
importRoles = role_s4_DCM_app_user_dbcon

# ... copied for Pingdom relevant objects 
[role_s4_DCM_app_user_Pingdom]
importRoles = role_s4_DCM_app_user_dbcon

# ##################### End:  DB connections to splecific databases ####################################

 

however, when I check then in the UI interface, there is no inheritance visible for the new s4 roles, which I would expect to be based on the above:

damucka_0-1603276978821.png

What I did then was to manually change the inheritance in the UI for one of the roles (marked green: s4_dcm_app_user), restart and try to figure out which configuration file it would land in ... and nothing.

I used the following linux command:

splunk@ccd01v013355:/opt/splunkdev> grep -rnw '.' -e 'role_s4_DCM_app_user'

and it returned the same entries from the authorize.conf before and after the UI inheritance setting.

So, how would I properly set the inheritance in the configuration files? I need to do this there and not one by one in the UI ...

Kind Regards,

Kamil

Labels (1)
0 Karma

damucka
Builder

the issue got solved ... it was an simple mistake ("," instead of ";" ) in the importRoles.

It was:

importRoles = user, db_connect_user

 

it should be:

importRoles = user; db_connect_user

 

for all the corresponding roles.

Kind Regards,

Kamil

0 Karma
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...