Splunk Enterprise Security

In Splunk Enterprise Security, how do you create a user role with ready-only access?


Is there any way to create a user role with read-only access to a specific set of indexes?

0 Karma


Have a look at this, might be useful to you:

let me know if this helps!

0 Karma


You can create a role with only read access. You can go to settings >> access control >> roles
You can know more from the following link

0 Karma

Ultra Champion

Interesting thing as Splunk roles are designed for read access, not for write access and each role has read access to a set of indexes.

If we look at About users and roles

It defines the user role as -

-- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.

0 Karma