#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Exact Difference Between Roles in Search Head

anandhalagarasa
Path Finder
‎11-21-2017 04:40 AM

Hi All,

Can you kindly clarify what is the exact difference between admin role , power role & user role.

Also what and all permissions that a admin , power & user has in Splunk Search Head.

Kindly provide detailed information regarding the same.

Tags (1)
0 Karma
Reply

pruthvikrishnap
Contributor
‎09-28-2018 11:43 AM

Hi Anand,

Here is some documentation to understand more on roles and capabilities.
http://docs.splunk.com/Documentation/Splunk/7.1.3/Security/Rolesandcapabilities

0 Karma
Reply

jmorais
Explorer
‎09-28-2018 11:20 AM

Available Roles
admin
can_delete
db_connect_admin
db_connect_user
power
sc_admin
splunk-system-role
user

Eu só encontro doc sobre can_delete/ admin... onde estão as outras?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-21-2017 04:50 AM

HI anandhalagarasan,
briefly

  • admin -- this role has the most capabilities assigned to it.
  • power -- this role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
  • user -- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
  • can_delete -- This role allows the user to delete by keyword. This capability is necessary when using the delete search operator.

see http://docs.splunk.com/Documentation/Splunk/7.0.0/Admin/Aboutusersandroles for more details.

In Splunk Search Heads, roles have the same features of all the other Splunk servers, and it's possible to use them also if it isn't correct on a Search Head (e.g. it's possiblre to create an index on SH).

I usually create roles dedicated to my users and I don't use the default roles because I want to give only the needed grants to a role: but if I create a role from user, it takes all the user grants and I usually don't want this!

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...