role problem

anissabnk

Hello,

I'm having problems using roles.
I use this search, which gives me results via the admin role.

[search index="idx_arv_ach_cas_traces" source="*orange_ach_cas_traces_ac_20*" nom_prenom_manager="*" nom_prenom_rdg="*" cuid="*" ttv="*" (LibEDO="*") (LibEDO="*MAROC ANNULATION FIBRE INTERNET" OR LibEDO="*MAROC CTC ET PROSPECT" OR LibEDO="*MAROC CTC HOME" OR LibEDO="*MAROC HORS-PROD" OR LibEDO="*MAROC N1 ACH" OR LibEDO="*MAROC N2 ACH GESTION" OR LibEDO="*MAROC N2 ACH RECLAMATION" OR LibEDO="*MAROC N2 ACH RECOUVREMENT" OR LibEDO="*MAROC RECOUVREMENT SOSH" OR LibEDO="*MAROC GESTION MS") ((lib_origine="Appel Reco" OR "Appel Sortant" OR "BO Récla Recouv" OR "Correspondance Entrante" OR "Correspondance Sortante" OR "Courrier Ent Fidé" OR "Etask")
OR (lib_motif="Contact Flash" OR "Contact non tracé" OR "Traiter une demande en N2" OR "Verbatim urgent")
OR (lib_resultat="Client Pro" OR "Contact Flash" OR "Contact non tracé"))
AND (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01")
| eventstats sum(total) as "Nbre_de_tracages" by lib_origine
| top "Nbre_de_tracages" lib_origine
| sort - "Nbre_de_tracages"
| head 5
| streamstats count as row_number
| search row_number=1
| return lib_origine]
nom_prenom_manager="*" nom_prenom_rdg="*" cuid="*" ttv="*" (LibEDO="*") (LibEDO="*MAROC ANNULATION FIBRE INTERNET" OR LibEDO="*MAROC CTC ET PROSPECT" OR LibEDO="*MAROC CTC HOME" OR LibEDO="*MAROC HORS-PROD" OR LibEDO="*MAROC N1 ACH" OR LibEDO="*MAROC N2 ACH GESTION" OR LibEDO="*MAROC N2 ACH RECLAMATION" OR LibEDO="*MAROC N2 ACH RECOUVREMENT" OR LibEDO="*MAROC RECOUVREMENT SOSH" OR LibEDO="*MAROC GESTION MS") ((lib_origine="Appel Reco" OR "Appel Sortant" OR "BO Récla Recouv" OR "Correspondance Entrante" OR "Correspondance Sortante" OR "Courrier Ent Fidé" OR "Etask")
OR (lib_motif="Contact Flash" OR "Contact non tracé" OR "Traiter une demande en N2" OR "Verbatim urgent")
OR (lib_resultat="Client Pro" OR "Contact Flash" OR "Contact non tracé"))
AND (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01")
| stats sum(total) as "nb_tracages" by cuid lib_origine
| sort -nb_tracages
| head 5

When I use another role, the first part of the search works, but not the second.

The search on : nom_prenom_manager="*" , ... doesn't give any results, whereas with the admin role, it does.

I can't modify the query because I don't have rights to it, but I have to play with the roles.

I'd like to point out that the manager_last_name field is obtained via an automatic lookup. But there's no problem with specific rights for the admin role.

I've tried everything, but I can't find a solution, please have an idea.

kprior201

Is there a chance that a field parsing listed in the second half of the search is not shared within the app/globally? That is the first thing that I would check - make sure all of the variables listed are shared and that the non-admin role has access to the app in which they are shared.

role problem

fields

other

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?