Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I use authorise.conf centrally to manage user role access to indexes?

pbrinkman
Path Finder
‎06-28-2023 06:06 AM

we have a 6 node SHC

Want to use the deployer to push out authorise.conf so that we can manage the user/role/index access centrally.

Looking for an example of how you control which index is seen by which user/role

For example the role would look like
[mail team]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = mailgatewaylogs;maillogs;emailscanlogs
srchMaxTime = 8640000

How do i specify users to have that have the mail team role ?

user1:mail team
user2:mail team
user3:mail team

Not been able to find any reference or example as to how best to set this configuration centrally.

Thanks in advance

 

Labels (1)
Labels
0 Karma
Reply

pbrinkman
Path Finder
‎07-03-2023 01:48 AM

glad I asked the question @isoutamo , always wondered what the options were. Have gone down the create an AD account and then go from there, add the capabilities and what index these users can see. 
It was also more around having people in different roles.  Thanks for info

Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-29-2023 09:29 AM

Hi

this was an interesting question. I have never used local users on SHC even its possible.

The best practice is use external user directories to manage users and roles assignments for them. Then you have those role maps on auth*.conf files. Those are easy to push by deployer.

If you want to use local (splunk internal users) on SHC then 1st create roles (I think that those cannot contain space on name?). Push those from deployer as usual. Then use GUI to create users and assign roles to them. 
r. Ismo

Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...