Documentation > Splunk > Admin Manual > About users and roles

Admin Manual

 


Welcome
What to do first
Start Splunk
Meet Splunk Web and Splunk Apps
Before you configure
Add data and configure inputs
Indexing and event processing
Timestamps
Add and manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Set up forwarding and receiving
Deploy to other Splunk instances
Set up distributed search
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference
Troubleshooting

About users and roles

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

About users and roles

If you're running Splunk with an Enterprise license, you can create users with passwords and assign them to roles you have created. Splunk with a Free license does not support user authentication.

Splunk comes with a single default user, the admin user. The default password for the admin user is changeme. As the password implies, you should change this password immediately upon installing Splunk.

About roles

A role is a set of capabilities that you can define, like whether or not someone is allowed to add inputs or edit saved searches, etc. The various capabilities are listed below, and also in $SPLUNK_HOME/etc/system/README/authorize.conf.spec. Once a role exists, you can assign users to that role.

Additionally, whenever you create a user, a role is automatically created for that user. This is done to support the sharing of objects (like saved searches or reports) with specific users, because object ownership is part of the roles system.

By default, Splunk comes with the following roles predefined:

Disallowed characters

Usernames stored in Splunk's local authentication and roles may not contain spaces, colons, and forward slashes.

Find existing users and roles

To locate an existing user or role in Manager, use the Search bar at the top of the Users or Roles page. Wildcards are supported. Splunk searches for the string you enter in all available fields by default. To search a particular field, specify that field. For example, to search only email addresses, type "email=<email address or address fragment>:, or to search only the "Full name" field, type "realname=<name or name fragment>. To search for users in a given role, use "roles=". To search within the username field, use "userid=".

Search bar.jpg

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.6/Admin/Aboutusersandroles"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!