Hi All,
We have the two roles setup in splunk and assigned them for a single user using AD groups as mentioned below.We have applied srchFilter for role_abc.User is complaining that he is unable to see any logs for indexes mapped under role_xyz.I doubt that srchfilters under role_abc is causing this problem.How to relsove this issue and User should have access to all the indexes mapped according to their roles.
Thank you.
[role_abc]
accelerate_search = enabled
cumulativeRTSrchJobsQuota = 50
edit_search_schedule_window = enabled
export_results_is_visible = enabled
get_metadata = enabled
get_typeahead = enabled
pattern_detect = enabled
rest_properties_get = enabled
rtSrchJobsQuota = 20
rtsearch = enabled
schedule_search = enabled
search = enabled
srchDiskQuota = 200
srchFilter = index::rckspc OR (source::marketing-production OR source::http:marketing-staging)
srchIndexesAllowed = hrk;rckspc
srchIndexesDefault = hrk;rckspc
[role_xyz]
accelerate_search = enabled
cumulativeRTSrchJobsQuota = 50
edit_search_schedule_window = enabled
export_results_is_visible = enabled
get_metadata = enabled
get_typeahead = enabled
pattern_detect = enabled
rest_properties_get = enabled
rtSrchJobsQuota = 5
rtsearch = enabled
schedule_search = enabled
search = enabled
srchDiskQuota = 200
srchIndexesAllowed = os;windows;linux
srchIndexesDefault = os;windows;linux
@isoutamo @rbal_splunk @gcusello @martin_mueller @Stephen_Sorkin @MLGSPLUNK @maciep @nickhills @FrankVl
Hello, did you mange to fix this problem? I'm having the same problem.