Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

User Roles

Dolly
Explorer
3 weeks ago

Hello everyone, I am facing an issue related to a Splunk user role. A role was created with access to indexes 1, 2, 3, and 4, and all members assigned to this role were able to access those indexes successfully. Later, access to another index (index 5) was added to the same role. However, the users assigned to the role are still unable to access index 5. Has anyone encountered a similar issue or knows if there are additional steps required for the updated index permissions to take effect?

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
3 weeks ago

Assuming the users logged out and back in (just to be sure; I'm not 100% it's required), editing roles should be quite immediate.

Question is how how did you edit those permissions? Maybe you did edit the authorize.conf file and did _not_ reload the effective config?

0 Karma
Reply

Dolly
Explorer
3 weeks ago

The permissions were given on UI. Yes, its immediate but for this particular case, its not working.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
3 weeks ago

You could try this to check how splunk see those roles and if there is some other roles inherited to your role or users.

https://community.splunk.com/t5/Splunk-Search/How-to-Generate-Roles-to-Indexes-table/m-p/654874/high...

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @Dolly 

If the change to the role has been made on the SH then it should apply instantly. Can you confirm that there is data being received into the index (5) ? 

Are there any other limits on the role which might impact such as search filters?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

Dolly
Explorer
3 weeks ago

Yes there is data in index 5. No other limits on role

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...