#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.

Exact Difference Between Roles in Search Head

anandhalagarasa
Path Finder

Hi All,

Can you kindly clarify what is the exact difference between admin role , power role & user role.

Also what and all permissions that a admin , power & user has in Splunk Search Head.

Kindly provide detailed information regarding the same.

Tags (1)
0 Karma

pruthvikrishnap
Contributor

Hi Anand,

Here is some documentation to understand more on roles and capabilities.
http://docs.splunk.com/Documentation/Splunk/7.1.3/Security/Rolesandcapabilities

0 Karma

jmorais
Explorer

Available Roles
admin
can_delete
db_connect_admin
db_connect_user
power
sc_admin
splunk-system-role
user

Eu só encontro doc sobre can_delete/ admin... onde estão as outras?

0 Karma

gcusello
SplunkTrust
SplunkTrust

HI anandhalagarasan,
briefly

  • admin -- this role has the most capabilities assigned to it.
  • power -- this role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
  • user -- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
  • can_delete -- This role allows the user to delete by keyword. This capability is necessary when using the delete search operator.

see http://docs.splunk.com/Documentation/Splunk/7.0.0/Admin/Aboutusersandroles for more details.

In Splunk Search Heads, roles have the same features of all the other Splunk servers, and it's possible to use them also if it isn't correct on a Search Head (e.g. it's possiblre to create an index on SH).

I usually create roles dedicated to my users and I don't use the default roles because I want to give only the needed grants to a role: but if I create a role from user, it takes all the user grants and I usually don't want this!

Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...