We haven't heard back from you in a week. Please let us know if you can answer the above questions. We would love to know more details so we can investigate on our end. Thanks!
Yes, already provided the response for the questions below.
Thanks for the update! @nembee
If there's any more user config or AD information you could send, screenshots are helpful, please mention here or email us at: email@example.com
Edit: I'm curious, does the incident creation work if you leave the "Owner" field unassigned?
We are looking into this right now!
if i leave the owner field unassigned, "incident created successfully". But the incident is not listed on the main page. It is empty.
Thank you for the screenshot! My hypothesis is that your AD group does not contain the correct permissions to create or view a Mission Control incident.
Here's the link to our permissions documentation: https://docs.splunk.com/Documentation/MC/Preview/Detect/Permissions
If you have access to the AD group (for example LDAP), could you try adding the correct permission to your user?
Here's more documentation for managing groups in LDAP: https://docs.splunk.com/Documentation/Splunk/9.0.1/Security/MapLDAPgroupstoSplunkroles
If you want to create and view an incident with the incident type "Default" the user would at least need the role permission "mc_analyst_edit_default."
Please let me know if that helps to solve anything! Thank you.
Hi @nembee! After discussing more with the engineering team, one workaround would be to add the mc_admin role if your user needs access all areas of Mission Control Preview.
We found that Mission Control Preview does not handle the admin_all_objects capability consistently, resulting in the ability to create an incident but not list or view it. A workaround to allow both creation and viewing is to assign the mc_admin role, or as I mentioned previously, the mc_analyst_all_edit role (as appropriate) to the user.
We will fix this issue in a future release. Thank you for your patience!
is that a valid user . Do u see this problem when u select other users like urself ?
Yes, it is a valid user. It is from an AD group membership. When i select other users or local accounts, it is still the same. None of the users assignment work. Incident can't be created.
Hi! Thanks for trying out the app! We are looking into the error now, just so I understand, is the user you are trying to assign here yourself? or is it another user who today has access to ES? Thanks!
Yes, i am trying to create a test incident and assigning it to myself. The user account is an account from AD group membership. The same error occurred if i select other users in the list including Splunk local accounts.