Splunk checks role-to-group mapping only during user login for external authentication (e.g., LDAP, SAML). Users already logged in will continue using their previously assigned roles until they log out and log back in.
The changes to role mapping do not disrupt ongoing sessions.
Incorrect Options:
B:Search is not disabled upon role updates.
C:This is incorrect since existing users are also updated upon the next login.
D:Role updates do not terminate ongoing sessions.
[References:, Splunk Docs: Configure user authentication, , , , ]
Submit