#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Exact Difference Between Roles in Search Head

anandhalagarasa
Path Finder
‎11-21-2017 04:40 AM

Hi All,

Can you kindly clarify what is the exact difference between admin role , power role & user role.

Also what and all permissions that a admin , power & user has in Splunk Search Head.

Kindly provide detailed information regarding the same.

Tags (1)
0 Karma
Reply

pruthvikrishnap
Contributor
‎09-28-2018 11:43 AM

Hi Anand,

Here is some documentation to understand more on roles and capabilities.
http://docs.splunk.com/Documentation/Splunk/7.1.3/Security/Rolesandcapabilities

0 Karma
Reply

jmorais
Explorer
‎09-28-2018 11:20 AM

Available Roles
admin
can_delete
db_connect_admin
db_connect_user
power
sc_admin
splunk-system-role
user

Eu só encontro doc sobre can_delete/ admin... onde estão as outras?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-21-2017 04:50 AM

HI anandhalagarasan,
briefly

  • admin -- this role has the most capabilities assigned to it.
  • power -- this role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
  • user -- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
  • can_delete -- This role allows the user to delete by keyword. This capability is necessary when using the delete search operator.

see http://docs.splunk.com/Documentation/Splunk/7.0.0/Admin/Aboutusersandroles for more details.

In Splunk Search Heads, roles have the same features of all the other Splunk servers, and it's possible to use them also if it isn't correct on a Search Head (e.g. it's possiblre to create an index on SH).

I usually create roles dedicated to my users and I don't use the default roles because I want to give only the needed grants to a role: but if I create a role from user, it takes all the user grants and I usually don't want this!

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale"   You know Splunk. You know Cisco. But have you seen ...

Data Management Digest – January 2026

Welcome to the January 2026 edition of Data Management Digest! Welcome to the January 2026 edition of Data ...

Splunk SOAR Now Available on Google Cloud Platform

We’re excited to announce that Splunk SOAR is now natively available as a SaaS solution on Google Cloud ...