#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Exact Difference Between Roles in Search Head

anandhalagarasa
Path Finder
‎11-21-2017 04:40 AM

Hi All,

Can you kindly clarify what is the exact difference between admin role , power role & user role.

Also what and all permissions that a admin , power & user has in Splunk Search Head.

Kindly provide detailed information regarding the same.

Tags (1)
0 Karma
Reply

pruthvikrishnap
Contributor
‎09-28-2018 11:43 AM

Hi Anand,

Here is some documentation to understand more on roles and capabilities.
http://docs.splunk.com/Documentation/Splunk/7.1.3/Security/Rolesandcapabilities

0 Karma
Reply

jmorais
Explorer
‎09-28-2018 11:20 AM

Available Roles
admin
can_delete
db_connect_admin
db_connect_user
power
sc_admin
splunk-system-role
user

Eu só encontro doc sobre can_delete/ admin... onde estão as outras?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-21-2017 04:50 AM

HI anandhalagarasan,
briefly

  • admin -- this role has the most capabilities assigned to it.
  • power -- this role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
  • user -- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
  • can_delete -- This role allows the user to delete by keyword. This capability is necessary when using the delete search operator.

see http://docs.splunk.com/Documentation/Splunk/7.0.0/Admin/Aboutusersandroles for more details.

In Splunk Search Heads, roles have the same features of all the other Splunk servers, and it's possible to use them also if it isn't correct on a Search Head (e.g. it's possiblre to create an index on SH).

I usually create roles dedicated to my users and I don't use the default roles because I want to give only the needed grants to a role: but if I create a role from user, it takes all the user grants and I usually don't want this!

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...