SPLK-3003 Exam QuestionsBrowse all questions from this exam
Go to Exam

SPLK-3003 Exam - Question 38

A customer has implemented their own Role Based Access Control (RBAC) model to attempt to give the Security team different data access than the Operations team by creating two new Splunk roles "" security and operations. In the srchIndexesAllowed setting of authorize.conf, they specified the network index under the security role and the operations index under the operations role. The new roles are set up to inherit the default user role.

If a new user is created and assigned to the operations role only, which indexes will the user have access to search?

Show Answer
Correct Answer: D

If a new user is assigned to the operations role only, they will have access to the operations index. Additionally, since the role inherits from the default user role, the user will have access to all non-internal indexes by default. Therefore, the user will have access to the operations and network indexes.

Discussion

10 comments
Sign in to comment
Vin1118
Jan 15, 2022

I think D. By default, user have access to all non-internal indexes

nutsu
Oct 19, 2022

answer D, default user role not see internal index and default see non-internal index

tico2k
Jan 21, 2022

The correct answer is D

simplekindaman
Jan 30, 2022

Agreed... answer is D, for reason Vin1118 mentions

Redtonyeah
May 30, 2023

D is OK

huu_nguyenOption: D
Aug 31, 2023

D is the one, by default, the user does have access to all non-internal indexes but not to internal indexes

ranga19
Sep 11, 2023

D ,By default, user have access to all non-internal indexes.

spl_bonnOption: D
Nov 1, 2023

D is the correct one. user role is by default has access to all non-internal indexes

da_stingoOption: B
Jul 12, 2024

I am really struggling with your answers, boys. When I look up the users role which comes preinstalled with every splunk install by default, I do NOT see that users have access to all non-indexes. Do you have another source of truth for answering this question beside looking of the role info page showing which index the role is allowed to search?

da_stingo
Jul 12, 2024

*non-internal-indexes

da_stingo
Jul 12, 2024

never mind. i found it :/

SplunkStreamerOption: D
Apr 29, 2025

D, by default the user role has access to all non-internal indexes.