Securing Splunk Enterprise
Add and edit roles with Splunk Web
When you create users, you assign them to roles that determine the level of access to Splunk Enterprise and the tasks that they can perform. Splunk Enterprise comes with a set of default roles that you can use. You can also create your own.
For information about roles and how capabilities and permissions are inherited, see About role-based user access.
Note: Custom roles that inherit from Admin or Power users do not automatically inherit management access. For information about granting management access to custom roles, see Add access controls to custom roles.
Add or edit a role
To create or edit roles in Splunk Web:
1. Click Settings > Access Controls.
2. On the Access controls page, click Roles.
3. Click New or select and edit an existing role. Role names must use lowercase characters only. They cannot contain spaces, colons, or forward slashes.
4. In the Inheritance section, select the roles from which you want your new role to inherit capabilities and properties. A user assigned to multiple roles inherits properties from the role with the broadest permissions. See Role inheritance in the About role-based user access topic for more information.
5. In the Capabilities section, choose any individual capabilities you want to provide to this role. See About defining roles with capabilities for more information.
6. In Indexes searched by default, specify the indexes that this role will automatically search if no index is specified in the search.
7. In Indexes, select the indexes the user is allowed to search. If you add at least one index, a user with this role will only be able to conduct searches on the index or indexes selected. If you do not specify any indexes at all, the user assigned to the role is able to search all indexes.
8. Click Save.
Search filter format
The Search filter field can include any of the following search terms:
- source=
- host=
- index=
- eventtype=
- sourcetype=
- search fields
You can use wildcards. Use OR to allow multiple terms, or AND to make the filter more restrictive.
The search terms cannot include:
- saved searches
- time operators
- regular expressions
- any fields or modifiers that Splunk Web can overwrite
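The following pre-save check is an added example, not Splunk code: it applies the role-name rule, the empty Indexes behavior, and part of the search filter restrictions described above to proposed role definitions. The function names, the sample roles, and the short list of time modifiers are assumptions made for illustration; it does not check for fields or modifiers that Splunk Web can overwrite.

```python
import re

# Assumption: an illustrative subset of Splunk time modifiers, not a full list.
TIME_MODIFIERS = {"earliest", "latest", "_index_earliest", "_index_latest"}
# Uppercase letters, whitespace, colons and forward slashes in a role name.
BAD_NAME_CHARS = re.compile(r"[A-Z\s:/]")


def audit_role(name, indexes, search_filter=""):
    """Return findings for one proposed role; an empty list means no issue found."""
    findings = []
    if BAD_NAME_CHARS.search(name):
        findings.append("name: lowercase only, no spaces, colons or forward slashes")
    if not indexes:
        findings.append("indexes: none selected, role can search all indexes")
    # Blank out quoted values so a '|' or '=' inside a string is not misread.
    bare = re.sub(r'"[^"]*"', '""', search_filter)
    if "|" in bare:
        findings.append("filter: piped command found, only search terms are allowed")
    for key in re.findall(r"([A-Za-z_]\w*)\s*=", bare):
        if key.lower() in TIME_MODIFIERS:
            findings.append(f"filter: time operator '{key}' is not allowed")
    return findings


# Constructed sample roles (hypothetical names, indexes and filters).
SAMPLE_ROLES = [
    ("soc_tier1", ["firewall", "proxy"], "sourcetype=pan* OR host=fw-*"),
    ("Net:Ops", [], "index=network earliest=-24h"),
    ("auditors", ["audit"], 'host=db* | regex _raw="(?i)password"'),
]


def audit_all(roles):
    """Map each role name to its list of findings."""
    return {name: audit_role(name, idx, flt) for name, idx, flt in roles}


if __name__ == "__main__":
    for role, issues in audit_all(SAMPLE_ROLES).items():
        print(role, "OK" if not issues else issues)
```

The second sample role is the one to watch for in review: with no indexes selected, its search filter is the only restriction left on what the role can search.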
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0