Splunk SOAR

Users & roles visibility

glc_slash_it
Path Finder

Hey splunkers,

We are trying to implement and segregate roles in SOAR, and so we have several roles with several users in them. The problem is that every user can see all other users and assign containers/tasks to them.

Is there a way  to restrict visibility/assignment on other users in the platform? I know it probably have should be realted to users & roles permissions but I' not getting it right...

Thanks

Labels (2)
0 Karma

SOARt_of_Lost
Path Finder

Your best bet is going to be deciding which labels you want to set on certain containers. After that, you can set Label Permissions so roles don't have View permissions on labels they shouldn't see or be assigned to.

0 Karma

glc_slash_it
Path Finder

Thanks for the answer, but unfortunately that doesn't solve the issue. And I'm puzzled how a platform like SOAR doesnt provide granular user & roles permissions.

We should be able to define that a user can only assing containers/tasks to other users within it's role, instead of everybody(or similar)... 

Because the default settings allows a given user to assign a container to whoever user or roles he wishes...

Does anyone know if there a way using REST API or playbooks?

0 Karma
Get Updates on the Splunk Community!

Best Strategies to Optimize Observability Costs

 Join us on Tuesday, May 6, 2025, at 11 AM PDT / 2 PM EDT for an insightful session on optimizing ...

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...