- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Issue with assigning users to roles
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue with assigning users to roles
Hi all,
I am fairly new to Splunk but i have a little bit of experiance with setting it up and making accounts and roles ect however i have hit a brick wall with this issue.
I recently created a role called basic and assigned a user to that role. As the role mentions the role is very basic and only give the user the capability to search,real time search and change their own password. At the moment the user only has access to the summary index.
Now the issue occurs when i add a user to the basic role.
Once the user is assigned and they try to log in they are unable to access the system,infact all users are unable to access the system. Users once authenticated are asked to check the web_service.log file. Searching through the log file the following errors appear
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_status" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_detail_activity" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_user_activity" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "search_ui_activity" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "index_status" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "index_status_health" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "indexing_volume" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "splunkd_status" is referenced in the navigation definition for "search".
2013-01-07 09:23:24,503 WARNING [50e9f95c614829668] view:361 - An unknown view name "splunkweb_status" is referenced in the navigation definition for "search".
If i go to \etc\system\local\authorize.conf and remove the role from the file, everything is back to normal, but the user will not have a role mapped to their account.
Any thoughts or help in this space will be much appreciated.
Thanks in advance,
Anu
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
those views are related to internal index (index=_*) then you need either:
- to give them access to internal indexes
- remove those views from search app
- create a barebones custom app (recommanded)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for that advice. The thing i find odd is that, looking at the roles that a shipped out with splunk when installed such as Power or User is that they themselves do not have access to internal indexes but everything seems fine. Eitherway I will give it a go. Thanks for your input!
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
