Solved: Custom role cannot search

ccsfdave · ‎04-15-2013

Is there something like a diff command on roles? I am trying to grant as limited as possible access to a custom role however if I grant anything below power user, they cannot run searches.

The role I am working on has:

Capabilities of:

change_own_password
get_metadata
get_typeahead
input_file
list_inputs
output_file
request_remote_tok
rest_apps_view
rest_properties_get
rest_properties_set
rtsearch
schedule_search
search

Restrict search terms:

src_ip="10.35.0.0/16"

Indexes searched by default:

index_sample

Restrict this role's searches to the specified index(es).

index_sample

When I do a search of * with these settings, the role gets nothing. When I add power user to the inherited it works fine. I would really just like to give the role search within its restricted term and nothing more because by granting power suer to the role, it can see apps I don't want the new role to see and I don't want to limit the power user.

Thoughts at how I can track this down?

Let me know if you have any questions...

Thanks.

Dave

ccsfdave · ‎04-16-2013

OK, I found the issue. I needed to grant access globally to the extraction that produced the src_ip field and access to the app that was being searched. Now the CIDR in Restrict search terms works w/o need for a lookup

View solution in original post

ccsfdave · ‎04-16-2013

OK, I found the issue. I needed to grant access globally to the extraction that produced the src_ip field and access to the app that was being searched. Now the CIDR in Restrict search terms works w/o need for a lookup

Custom role cannot search

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!