Splunk® AR for iOS

Administer Splunk AR

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of AR. Click here for the latest version.
Acrobat logo Download topic as PDF

Configure Splunk AR roles and permissions

You can grant users the ability to view, edit, or manage specific objects in Splunk AR. The Splunk AR role builder lets you customize the capabilities and object access that a role has.

Default settings

By default, users with the ar_admin role have all Splunk AR class capabilities. Users with the ar_user role have read access to all objects.

Permissions management capabilities

Users with the edit_roles capability can create, remove, or edit Splunk AR roles.

Users with the ar_edit_roles capability can add or remove object access in pre-existing roles.

You can assign the edit_roles or ar_edit_roles and capabilities to a user role in Splunk Web. See Add or edit a role in the Securing Splunk Enterprise manual.

Class capabilities

Splunk AR class capabilities define how users can interact with a certain class of objects.

Splunk AR comes with the following class capabilities:

Class Capability Description
asset_read Users can view assets and asset groups in Splunk Cloud Gateway. They can see what data is associated with each asset.
asset_write Users can view and edit asset data in Splunk Cloud Gateway. They can choose what data to associate with an asset.
asset_manage Users can register assets, unregister assets, choose what data to associate, and move assets in and out of groups.
workspace_read Users can view AR workspaces and their associated data.
workspace_write Users can view AR workspaces, adjust visualizations, and choose what data to associate with a workspace in the Splunk AR app or Splunk Cloud Gateway.
workspace_manage Users can create new workspaces, delete workspaces, view AR workspaces, adjust visualizations, and choose what data to associate with a workspace in the Splunk AR app or Splunk Cloud Gateway.
note_read Users can view notes.
note_write Users can view notes and edit notes.
note_manage Users can view, edit, adjust, delete and create new workspace notes.
beacon_read Users can detect nearby beacons and see associated dashboards in the Splunk AR app.
beacon_write Users can associate beacons with dashboards, detect nearby beacons, and see associated dashboards in the Splunk AR app.
beacon_manage Users can add beacons, remove beacons, associate beacons with dashboards, detect nearby beacons, and see associated dashboards in the Splunk AR app.
geofence_read Users can detect nearby geofences and see associated dashboards in the Splunk AR app.
geofence_write Users can associate geofences with dashboards, detect nearby geofences, and see associated dashboards in the Splunk AR app.
geofence_manage Users can create geofences, remove geofences, associate geofences with dashboards, detect nearby geofences, and see associated dashboards in the Splunk AR app.
playbook_read Users can run Splunk Phantom playbooks in AR workspaces as part of the workflow automation feature.
playbook_write Users can edit Splunk Phantom playbooks in AR workspaces as part of the workflow automation feature.
playbook_manage Users can add, remove, reposition, and edit Splunk Phantom playbooks in AR workspaces as part of the workflow automation feature.

Object access

When creating a role, define object access to manage which users can access specific objects.

To define object access, Splunk AR mobile users must be using Splunk AR version 2.3.0 or later.

Splunk AR object classes include the following:

  • Assets
  • Asset groups
  • Workspaces
  • Beacons
  • Geofences
  • Notes and media

Object access precedence

If a user is a member of a role that has a class capability, that capability applies to any objects that aren't referenced in other roles. If you create another role that defines access to that particular object, then the user must be a member of that role to access that object.

For example, let's say you create role_1 with the workspace_read capability. Then you assign role_1 to a user. Role_1 has workspace_read capability, so the user has read access to workspace_1.

Now suppose you create role_2 with read access to workspace_1. Now the user doesn't have access workspace_1, unless you assign role_2 to the user.

Configure Splunk AR roles and permissions

Configure Splunk AR permissions by editing or creating roles and assigning them to users. You can edit existing roles by adding or removing class capabilities and objects access. Or you can create a new role and define its class capabilities and objects access.

Prerequisites

Complete the following steps before configuring Splunk AR permissions:

  • Have admin role access or the edit_roles capability.
  • Install Splunk Cloud Gateway on your Splunk Enterprise search head.
  • Enable Splunk AR in the Configure tab of Splunk Cloud Gateway. See the Install and Administer Splunk Cloud Gateway manual.
  • Make sure that Splunk AR mobile app users are using Splunk AR version 2.3.0 or later.

Edit roles

  1. Navigate to the Splunk AR tab in Splunk Cloud Gateway.
  2. Click Roles.
  3. Click the edit icon next to a role to edit it. You can also view the class capabilities, inherited roles, and object access the role has.
  4. Click Edit next to Inheritance, Class Capabilities, or Object Access to edit the role.
  5. Click Save.

Create a role

  1. Navigate to the Splunk AR tab in Splunk Cloud Gateway.
  2. Click Roles.
  3. Click +Add Role.
  4. Name the role.
  5. (Optional) Select existing roles to inherit. The role that you're creating will have the same class capabilities and object access as the roles you select to inherit.
  6. Click Continue.
  7. Select the class capabilities that you want the role to have.
  8. Click Continue.
  9. Select the objects that you want the role to have access to.
  10. Click Continue.
  11. Click Save.

Assign roles to users

After editing or creating Splunk AR roles, assign the roles to users. See Add and edit roles with Splunk Web in the Securing Splunk Enterprise manual.

Last modified on 08 October, 2020
PREVIOUS
Should I use asset tags, object detection, beacons, or geofences with Splunk AR?
  NEXT
Get data into Splunk AR using a Raspberry Pi

This documentation applies to the following versions of Splunk® AR for iOS: 2.3.0, 2.4.1, 2.5.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters