Solved: Multiple Roles inherited from LDAP Group Membershi...

dominiquevocat · ‎08-28-2012

I have several indexes and created a role in splunk for each index. We have a RBAC system in place to grant users group memberships in our eDirectory based MetaDirectory. I map each splunk role to a LDAP groupmembership.

If a user has only one groupmembership all works fine.
If a user receives a second group membership it is shown fine in the user overview in Splunk Administration
The user does however not see the content of the index to which it received access by the second (N'th) group membership.

I modeled the role such that they have access to one index, the capability search and rtsearch.

What am i doing wrong?

dominiquevocat · ‎08-30-2012

The roles were configured via the GUI and i assigned indizes to the roles. Seemingly each role had a srchFilter entry in the authorize.conf which caused the problem. Manually clearing the srchFilter from the authorize.conf seems to solve the issue.

View solution in original post

dominiquevocat · ‎08-30-2012

The roles were configured via the GUI and i assigned indizes to the roles. Seemingly each role had a srchFilter entry in the authorize.conf which caused the problem. Manually clearing the srchFilter from the authorize.conf seems to solve the issue.

Multiple Roles inherited from LDAP Group Memberships

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk