The documentation for Splunk Enterprise Security versions 8.0 and higher have been rearchitected from previous versions, causing some links to have redirect errors. To resolve redirect errors, you must use the version selector on the ES documentation homepage to navigate between the versions.
Troubleshoot removed roles when upgrading from standalone Mission Control
This article is exclusively for users upgrading from the standalone Splunk Mission Control product to Splunk Enterprise Security 8.x.
Some of the roles from standalone Splunk Mission Control have been removed from Splunk Cloud Platform. However, when you upgrade from standalone Mission Control to Splunk Enterprise Security 8.x, these roles appear to be still assigned to Splunk users. You must manually unassign these roles from users.
To unassign these roles from Enterprise Security 8.x users, follow these steps:
- In Splunk Cloud Platform, select Settings, then under Users and Authentication, select Users.
- Use the search field at the top of the Users page to search for each of these old MC roles, one at a time.
- role_mc_soar_asset_owner
- role_mc_soar_automation
- role_mc_soar_automation_engineer
- role_mc_soar_incident_commander
- role_mc_soar_observer
- For each user that appears in the search, select the user name. When the editing page appears, select Save. [Do not make any edits. ]
- When you return to the list of users, confirm that the old roles were removed from that user.
- Repeat this process for each role listed in Step 2.
Unassign old MC roles from a user before cloning that user.
Last modified on 15 May, 2025
| Troubleshoot pairing Splunk Enterprise Security with Splunk SOAR | Troubleshoot common issues when using Federated Analytics with Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.31, 8.0.40
Download manual
Feedback submitted, thanks!