Thanks for the update! @nembee
If there's any more user config or AD information you could send, screenshots are helpful, please mention here or email us at: firstname.lastname@example.org
Edit: I'm curious, does the incident creation work if you leave the "Owner" field unassigned?
We are looking into this right now!
Thank you for the screenshot! My hypothesis is that your AD group does not contain the correct permissions to create or view a Mission Control incident.
Here's the link to our permissions documentation: https://docs.splunk.com/Documentation/MC/Preview/Detect/Permissions
If you have access to the AD group (for example LDAP), could you try adding the correct permission to your user?
Here's more documentation for managing groups in LDAP: https://docs.splunk.com/Documentation/Splunk/9.0.1/Security/MapLDAPgroupstoSplunkroles
If you want to create and view an incident with the incident type "Default" the user would at least need the role permission "mc_analyst_edit_default."
Please let me know if that helps to solve anything! Thank you.
Hi @nembee! After discussing more with the engineering team, one workaround would be to add the mc_admin role if your user needs access all areas of Mission Control Preview.
We found that Mission Control Preview does not handle the admin_all_objects capability consistently, resulting in the ability to create an incident but not list or view it. A workaround to allow both creation and viewing is to assign the mc_admin role, or as I mentioned previously, the mc_analyst_all_edit role (as appropriate) to the user.
We will fix this issue in a future release. Thank you for your patience!
Hi! Thanks for trying out the app! We are looking into the error now, just so I understand, is the user you are trying to assign here yourself? or is it another user who today has access to ES? Thanks!
Yes, i am trying to create a test incident and assigning it to myself. The user account is an account from AD group membership. The same error occurred if i select other users in the list including Splunk local accounts.