#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.

Exact Difference Between Roles in Search Head

anandhalagarasa
Path Finder

Hi All,

Can you kindly clarify what is the exact difference between admin role , power role & user role.

Also what and all permissions that a admin , power & user has in Splunk Search Head.

Kindly provide detailed information regarding the same.

Tags (1)
0 Karma

pruthvikrishnap
Contributor

Hi Anand,

Here is some documentation to understand more on roles and capabilities.
http://docs.splunk.com/Documentation/Splunk/7.1.3/Security/Rolesandcapabilities

0 Karma

jmorais
Explorer

Available Roles
admin
can_delete
db_connect_admin
db_connect_user
power
sc_admin
splunk-system-role
user

Eu só encontro doc sobre can_delete/ admin... onde estão as outras?

0 Karma

gcusello
SplunkTrust
SplunkTrust

HI anandhalagarasan,
briefly

  • admin -- this role has the most capabilities assigned to it.
  • power -- this role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
  • user -- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
  • can_delete -- This role allows the user to delete by keyword. This capability is necessary when using the delete search operator.

see http://docs.splunk.com/Documentation/Splunk/7.0.0/Admin/Aboutusersandroles for more details.

In Splunk Search Heads, roles have the same features of all the other Splunk servers, and it's possible to use them also if it isn't correct on a Search Head (e.g. it's possiblre to create an index on SH).

I usually create roles dedicated to my users and I don't use the default roles because I want to give only the needed grants to a role: but if I create a role from user, it takes all the user grants and I usually don't want this!

Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...