×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
oliverrooney
New Member
Member since: ‎11-27-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-27-2014
View All

Re: App appears to override role permissions

by in All Apps and Add-ons
‎11-28-2014 08:49 AM
‎11-28-2014 08:49 AM
None of the searches in that app context are scheduled. They all show a scheduled time of "None". The data visible also appear to be up to date, at least no more than 10 minutes old. The dashboard is owned by "nobody". ... View more

Re: App appears to override role permissions

by in All Apps and Add-ons
‎11-28-2014 08:34 AM
‎11-28-2014 08:34 AM
Hi Martin, Thanks for your reply. I have run the rest command you suggested the results are exactly what I would expect from the role configuration above: title imported_srchDiskQuota imported_srchFilter imported_srchIndexesAllowed imported_srchIndexesDefault imported_srchJobsQuota imported_srchTimeWin srchDiskQuota srchFilter srchIndexesAllowed srchIndexesDefault srchJobsQuota srchTimeWin role_blah 0 0 -1 100 sourcetype=mysource (host=host1 OR host=host2) myindex myindex 3 -1 Interestingly I can see results on the app dashboard as this user and can see the underlying stats if I click the magnifying glass the see the search but the search returns no results if I try to re-run it. Is there any caching of the results of the saved search somehow? ... View more

App appears to override role permissions

by in All Apps and Add-ons
‎11-27-2014 09:38 AM
‎11-27-2014 09:38 AM
I have created a role that has the following permissions: [role_blah] rtsearch = enabled schedule_search = enabled search = enabled srchFilter = sourcetype=mysource (host=host1* OR host=host2*) srchIndexesAllowed = myindex srchIndexesDefault = myindex srchMaxTime = 0 This works as expected in the search app. When I use another app (splunk license usage, incidentally) A user in this role (and no other role) is able to search the _internal index as well. To clarify I can't search the _internal index using search and reporting app, I hope due to index restriction in role definition, but I can using the license usage app. Is this expected? I guess I can "fix" it by changing the permission on the app to only allow other roles, but there are many apps and many other objects to remove this permission from, and I expected the role definition to work across all apps. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM