Deployment Architecture

Role based Index restriction

anirudhk
Explorer

Hi There,

I am having a Distributed Splunk setup with a Search Head and 2 Indexers. I have few roles setup(Integrated to AD) with in the system with a role associated with a particular Index (srchIndexesAllowed = "" and srchIndexesDefault = ""). But this doesn't actually restrict users from accessing other index if explicitly provided.

I would need this to be implemented in my Environment to have complete control. How can I achieve this.

Regards
Anirudh

Tags (1)
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Make sure your roles aren't inheriting more lenient permissions from parent roles.

0 Karma

anirudhk
Explorer

srchIndexesAllowed should Ideally have taken care of it. It the user being part of multiple group that caused this behaviour.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...