We have a 6-node SHC.
We want to use the deployer to push out authorize.conf so that we can manage the user/role/index access centrally.
Looking for an example of how you control which index is seen by which user/role.
For example, the role would look like:
[mail team]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = mailgatewaylogs;maillogs;emailscanlogs
srchMaxTime = 8640000
How do I specify the users that have the mail team role?
user1:mail team
user2:mail team
user3:mail team
I have not been able to find any reference or example as to how best to set this configuration centrally.
Thanks in advance.
Glad I asked the question @isoutamo, always wondered what the options were. Have gone down the route of creating an AD account and then going from there, adding the capabilities and which index these users can see.
It was also more around having people in different roles. Thanks for the info.
Hi
This was an interesting question. I have never used local users on an SHC, even though it's possible.
The best practice is to use external user directories to manage users and their role assignments. Then you have those role maps in auth*.conf files. Those are easy to push with the deployer.
If you want to use local (Splunk internal) users on an SHC, then first create the roles (I think those cannot contain a space in the name?). Push those from the deployer as usual. Then use the GUI to create users and assign roles to them.
r. Ismo
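The approach described in the answer above (roles pushed from the deployer, users mapped to roles through an external directory), as an added example that is not part of the original thread. The app name `org_all_roles`, the LDAP strategy name `corp_ad` and the AD group `SPLUNK-MAIL-TEAM` are hypothetical, and the `[corp_ad]` strategy stanza itself is assumed to be configured already.

```ini
# --- On the deployer ---
# $SPLUNK_HOME/etc/shcluster/apps/org_all_roles/local/authorize.conf
# (org_all_roles is a hypothetical app name)
#
# Role stanzas are named [role_<name>]; the name is lowercase and
# contains no spaces, so "mail team" becomes mail_team.
[role_mail_team]
# A role inherits the allowed indexes of every role it imports, so
# check what role_user allows in your deployment before relying on
# srchIndexesAllowed below to restrict access.
importRoles = user
srchIndexesAllowed = mailgatewaylogs;maillogs;emailscanlogs
# Indexes searched when the user gives no index= term.
srchIndexesDefault = maillogs
# Quota and time values taken from the question.
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
srchMaxTime = 8640000

# $SPLUNK_HOME/etc/shcluster/apps/org_all_roles/local/authentication.conf
#
# [roleMap_<strategy>] maps a Splunk role (left) to one or more
# directory groups (right, semicolon-separated). corp_ad and
# SPLUNK-MAIL-TEAM are hypothetical names.
[roleMap_corp_ad]
mail_team = SPLUNK-MAIL-TEAM

# Group membership (user1, user2, user3) is then managed in AD,
# not in Splunk.
#
# Push to the members from the deployer:
#   splunk apply shcluster-bundle -target https://<any_member>:8089
#
# Verify the merged result on a member:
#   splunk btool authorize list role_mail_team --debug
```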