authorize.conf
This documentation does not apply to the most recent version of Splunk.
Use this file to configure roles and granular access controls.
authorize.conf.spec
# Copyright (C) 2005-2008 Splunk Inc. All Rights Reserved. Version 3.0
#
# This file contains possible attribute/value pairs for creating roles in authorize.conf.
# You can configure roles and granular access controls by creating your own authorize.conf.
# There is an authorize.conf in $SPLUNK_HOME/etc/bundles/default/. To set custom configurations,
# place an authorize.conf in your own custom bundle directory.
#
# For help creating a bundle directory, or to learn more about bundles (including bundle precedence)
# please see the documentation located at http://www.splunk.com/doc/latest/admin/bundleconfig.

[capability::<capability>]
* Define a capability in Splunk.
* This can also be added dynamically by software registering in the system (see restmap.conf.spec).
* Splunk adds most of its capabilities this way so they are enumerated at the end of the file for reference.
* See below for the default list of capabilities.

[role_<roleName>]
<capability_name> = <enabled|disabled>
* Capability attached to this role.
* You can list many of these.

importRoles = <string>
* Semicolon delimited list of other role capabilities that should be imported.

srchFilter = <string>
* Semicolon delimited list of search filters for this Role.

# The following is a list of Splunk's capabilities. NOTE: This list is subject to change as
# new capabilities are added and old ones are deprecated. If you encounter problems while
# configuring authorize.conf, please contact support@splunk.com.
access_datamap
access_datastore
admin_operator
allow_livetail
allow_shutdown
bounce_authentication
change_authentication
config_management
delete_by_keyword
delete_user
distributed_all_tab
distributed_forward_tab
distributed_receive_tab
distributed_search_tab
edit_admin_tabs
edit_alert_action
edit_audit
edit_deployment_class_mapping
edit_deployment_client
edit_deployment_server
edit_eventtype
edit_event_discoverer
edit_exec
edit_field_actions
edit_fifo
edit_filter
edit_forward_server
edit_fschange
edit_index
edit_input_defaults
edit_local_search
edit_metaevents
edit_prefs
edit_props
edit_roles
edit_role_search
edit_saved_search
edit_search_server
edit_segmenter
edit_server
edit_server_config
edit_source_classifier
edit_splunktcp
edit_splunktcp_ssl
edit_ssl
edit_tags
edit_tail
edit_tcp
edit_transform
edit_udp
edit_user
edit_watch
edit_web_settings
get_config_by_type
get_config_file
get_metadata
get_property_map
get_user_prefs
get_typeahead
kick
kickProcessor
license_tab
list_inputs
list_saved_searches
request_auth_token
run_script_createrss
run_script_diff
run_script_gentimes
run_script_head
run_script_idxprobe
run_script_iplocation
run_script_loglady
run_script_marklar
run_script_reportcache
run_script_runshellscript
run_script_sendemail
run_script_transpose
run_script_uniq
run_script_windbag
run_script_xmlkv
run_script_xmlunescape
savesearch_tab
save_user_prefs
schedule_search
search
search_admin_index
server_auth_config_tab
server_control_tab
server_settings_tab
set_user_prefs
sync_auth
target_processor
user_tab
use_file_operator
write_config_splunkd
authorize.conf.example
# This is an example authorize.conf. Use this file to configure roles and capabilities.
#
# There is a default authorize.conf in $SPLUNK_HOME/etc/bundles/default/. Use this example file to
# create your own custom authorize.conf.
#
# To set custom configurations, place an authorize.conf in your own custom bundle directory.

[role_Ninja]
edit_saved_search = enabled
schedule_search = enabled
edit_eventtype = enabled
edit_role_search = enabled
edit_local_search = enabled
savesearch_tab = enabled
edit_tags = enabled
importRoles = User;Everybody
srchFilter = host=foo

# This creates the role Ninja, which inherits capabilities from the default roles User and Everybody.
# Ninja has almost the same capabilities as Power, except cannot create alerts (only saved searches).
# Also, Ninja is limited to searching on host=foo.
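When reviewing roles for least privilege, two things are easy to miss in a role stanza: a capability name that does not appear in the spec's list (such as edit_save_search instead of edit_saved_search), and what the role picks up through importRoles. The Python lint below is an added example, not Splunk code and not part of the original page; the sample stanzas, the contents given to User and Everybody, the function names, and the rule that imported capabilities are simply unioned are all assumptions.

```python
SAMPLE = """\
# Constructed sample; contents of User and Everybody are assumptions.
[role_Everybody]
search = enabled
[role_User]
savesearch_tab = enabled
importRoles = Everybody
[role_Ninja]
edit_save_search = enabled
schedule_search = enabled
importRoles = User;Everybody
srchFilter = host=foo
"""
# Excerpt of the capability list in authorize.conf.spec; use the full list in practice.
KNOWN = {"search", "savesearch_tab", "schedule_search", "edit_saved_search"}
SETTINGS = {"importRoles", "srchFilter"}  # role attributes that are not capabilities

def parse_roles(text):
    """Return {role: {"caps": {name: value}, "imports": [role, ...]}}."""
    roles, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = (roles.setdefault(name[5:], {"caps": {}, "imports": []})
                       if name.startswith("role_") else None)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "importRoles":
                current["imports"] = [r.strip() for r in value.split(";") if r.strip()]
            elif key not in SETTINGS:
                current["caps"][key] = value
    return roles

def unknown_capabilities(roles, known=KNOWN):
    """(role, name) pairs whose name is not a known capability, e.g. a typo."""
    return sorted((r, c) for r, d in roles.items() for c in d["caps"] if c not in known)

def effective_capabilities(roles, role, seen=None):
    """Enabled capabilities of a role plus those of its importRoles (assumed union)."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # cycle guard / undefined import
        return set()
    seen.add(role)
    caps = {c for c, v in roles[role]["caps"].items() if v == "enabled"}
    for parent in roles[role]["imports"]:
        caps |= effective_capabilities(roles, parent, seen)
    return caps
```

Run against a real file, unknown_capabilities should be given the full capability list from the spec rather than the excerpt used here.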
This documentation applies to the following versions of Splunk: 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6