Configure Splunk AR roles and permissions
You can grant users the ability to view, edit, or manage specific objects in Splunk AR. The Splunk AR role builder lets you customize the capabilities and object access that a role has.
Default settings
By default, users with the ar_admin role have all Splunk AR class capabilities. Users with the ar_user role have read access to all objects.
Permissions management capabilities
Users with the edit_roles capability can create, remove, or edit Splunk AR roles.
Users with the ar_edit_roles capability can add or remove object access in pre-existing roles.
You can assign the edit_roles or ar_edit_roles capabilities to a user role in Splunk Web. See Add or edit a role in the Securing Splunk Enterprise manual.
Class capabilities
Splunk AR class capabilities define how users can interact with a certain class of objects.
Splunk AR comes with the following class capabilities:
Class Capability | Description |
---|---|
asset_read | Users can view assets and asset groups in Splunk Cloud Gateway. They can see what data is associated with each asset. |
asset_write | Users can view and edit asset data in Splunk Cloud Gateway. They can choose what data to associate with an asset. |
asset_manage | Users can register assets, unregister assets, choose what data to associate, and move assets in and out of groups. |
workspace_read | Users can view AR workspaces and their associated data. |
workspace_write | Users can view AR workspaces, adjust visualizations, and choose what data to associate with a workspace in the Splunk AR app or Splunk Cloud Gateway. |
workspace_manage | Users can create new workspaces, delete workspaces, view AR workspaces, adjust visualizations, and choose what data to associate with a workspace in the Splunk AR app or Splunk Cloud Gateway. |
note_read | Users can view notes. |
note_write | Users can view notes and edit notes. |
note_manage | Users can view, edit, adjust, delete and create new workspace notes. |
beacon_read | Users can detect nearby beacons and see associated dashboards in the Splunk AR app. |
beacon_write | Users can associate beacons with dashboards, detect nearby beacons, and see associated dashboards in the Splunk AR app. |
beacon_manage | Users can add beacons, remove beacons, associate beacons with dashboards, detect nearby beacons, and see associated dashboards in the Splunk AR app. |
geofence_read | Users can detect nearby geofences and see associated dashboards in the Splunk AR app. |
geofence_write | Users can associate geofences with dashboards, detect nearby geofences, and see associated dashboards in the Splunk AR app. |
geofence_manage | Users can create geofences, remove geofences, associate geofences with dashboards, detect nearby geofences, and see associated dashboards in the Splunk AR app. |
playbook_read | Users can run Splunk Phantom playbooks in AR workspaces as part of the workflow automation feature. |
playbook_write | Users can edit Splunk Phantom playbooks in AR workspaces as part of the workflow automation feature. |
playbook_manage | Users can add, remove, reposition, and edit Splunk Phantom playbooks in AR workspaces as part of the workflow automation feature. |
Object access
When creating a role, define object access to manage which users can access specific objects.
To define object access, Splunk AR mobile users must be using Splunk AR version 2.3.0 or later.
Splunk AR object classes include the following:
- Assets
- Asset groups
- Workspaces
- Beacons
- Geofences
- Notes and media
Object access precedence
If a user is a member of a role that has a class capability, that capability applies to any objects that aren't referenced in other roles. If you create another role that defines access to that particular object, then the user must be a member of that role to access that object.
For example, let's say you create role_1 with the workspace_read capability. Then you assign role_1 to a user. Role_1 has workspace_read capability, so the user has read access to workspace_1.
Now suppose you create role_2 with read access to workspace_1. The user no longer has access to workspace_1 unless you also assign role_2 to the user.
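The precedence rule above, modelled as an added example (not Splunk's code and not part of the original documentation), can be used to spot users who lose access when an object-scoped role is created. It assumes that write and manage capabilities include read, that membership in any role listing the object is sufficient, and it ignores role inheritance; the role and object names are constructed.

```python
# Simplified model of the precedence rule described above (an illustration,
# not Splunk AR's implementation). Role and object names are constructed.
LEVELS = ("read", "write", "manage")  # assumption: write and manage include read

# role name -> class capabilities and explicitly listed objects (object access)
ROLES = {
    "role_1": {"capabilities": {"workspace_read"}, "objects": set()},
    "role_2": {"capabilities": set(), "objects": {("workspace", "workspace_1")}},
}


def can_read(user_roles, roles, obj):
    """Return True if a user holding user_roles can read obj = (class, name)."""
    obj_class, _ = obj
    # Roles that define access to this specific object.
    scoping = {name for name, role in roles.items() if obj in role["objects"]}
    if scoping:
        # Once any role references the object, membership in such a role is required.
        return bool(scoping & set(user_roles))
    # No role references the object, so the class capability decides.
    wanted = {f"{obj_class}_{level}" for level in LEVELS}
    return any(roles[r]["capabilities"] & wanted for r in user_roles if r in roles)


def lost_access(user_roles, roles, objects):
    """Objects a class capability would cover but an object-scoped role now gates."""
    unscoped = {
        name: {"capabilities": role["capabilities"], "objects": set()}
        for name, role in roles.items()
    }
    return sorted(
        obj for obj in objects
        if can_read(user_roles, unscoped, obj) and not can_read(user_roles, roles, obj)
    )


if __name__ == "__main__":
    ws1, ws2 = ("workspace", "workspace_1"), ("workspace", "workspace_2")
    print(can_read(["role_1"], ROLES, ws1))            # gated by role_2
    print(can_read(["role_1", "role_2"], ROLES, ws1))  # member of the scoping role
    print(lost_access(["role_1"], ROLES, [ws1, ws2]))
```

Running `lost_access` over each user's role list before saving a new object-scoped role shows which users would be locked out of the object.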
Configure Splunk AR roles and permissions
Configure Splunk AR permissions by editing or creating roles and assigning them to users. You can edit existing roles by adding or removing class capabilities and object access, or you can create a new role and define its class capabilities and object access.
Prerequisites
Complete the following steps before configuring Splunk AR permissions:
- Have admin role access or the edit_roles capability.
- Install Splunk Cloud Gateway on your Splunk Enterprise search head.
- Enable Splunk AR in the Configure tab of Splunk Cloud Gateway. See the Install and Administer Splunk Cloud Gateway manual.
- Make sure that Splunk AR mobile app users are using Splunk AR version 2.3.0 or later.
Edit roles
- Navigate to the Splunk AR tab in Splunk Cloud Gateway.
- Click Roles.
- Click the edit icon next to a role to edit it. You can also view the class capabilities, inherited roles, and object access the role has.
- Click Edit next to Inheritance, Class Capabilities, or Object Access to edit the role.
- Click Save.
Create a role
- Navigate to the Splunk AR tab in Splunk Cloud Gateway.
- Click Roles.
- Click +Add Role.
- Name the role.
- (Optional) Select existing roles to inherit. The role that you're creating will have the same class capabilities and object access as the roles you select to inherit.
- Click Continue.
- Select the class capabilities that you want the role to have.
- Click Continue.
- Select the objects that you want the role to have access to.
- Click Continue.
- Click Save.
Assign roles to users
After editing or creating Splunk AR roles, assign the roles to users. See Add and edit roles with Splunk Web in the Securing Splunk Enterprise manual.
This documentation applies to the following versions of Splunk® AR for iOS: 2.3.0, 2.4.1, 2.5.0