Security

user with multiple roles

harald_leitl
Path Finder

Hi,
I got following behavior.

An ldap user is member of two roles. (role A = ldap groupA & role B = ldap groupB)

role A has properties set to srchIndexesAllowed = index1;index2;index3
role B has properties set to srchIndexesAllowed = index2;index4;index5

When searching for index=* the user only sees indexes from role A (index1;index2;index3).

In Splunk manager the user has both roles assigned.

What am I doing wrong?

we are currently running on 4.3.3.

thx,

harry

Tags (3)
0 Karma
1 Solution

harald_leitl
Path Finder

The problem was caused by a search filter set on role 'A' in authorize.conf.

here is the solution:
http://splunk-base.splunk.com/answers/57026/multiple-roles-inherited-from-ldap-group-memberships

thx

View solution in original post

0 Karma

harald_leitl
Path Finder

The problem was caused by a search filter set on role 'A' in authorize.conf.

here is the solution:
http://splunk-base.splunk.com/answers/57026/multiple-roles-inherited-from-ldap-group-memberships

thx

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi harald_leitl

have a look at this answer, where you can find some basic ldap troubleshooting tips.

cheers,

Mus

0 Karma

harald_leitl
Path Finder

As explained above, role 'A' is allowed to search through index1;index2;index3 and role 'B' is allowed to search through index2;index4;index5.

I thought, if I assign both roles the user would be capable of searching through index1;index2;index3;index4 and index5.

my search to verify the result:

index=*

The result I got:
Only events from index1;index2;index3 were included in the result.

The result I was looking for:
events from index1;index2;index3;index4 and index5 are shown

0 Karma

harald_leitl
Path Finder

I don't think I have a problem with authentication and ldap.

In splunk manager I see that both splunk roles are assigned to the user.

However, it seems the user only gets capabilities of role 'A'.

0 Karma