Manage role-based access to Splunk Industrial Asset Intelligence

To manage role-based access in Splunk Industrial Asset Intelligence (IAI), use the access control system built into the Splunk platform for authentication and authorization. Splunk platform administrators use this access control system to add users, assign users to roles, and assign those roles custom capabilities to provide limited, role-based access control for your organization.

Splunk IAI roles

Splunk IAI adds two roles to the default roles provided by the Splunk platform. These roles allow a Splunk platform administrator to assign access to specific functions in Splunk IAI based on a user's access requirements.

iai_admin

Assign this role to Splunk IAI administrators. Users with this role can create and manage asset hierarchies, operations, groups, calculated metrics, alerts, and views. This role inherits all the abilities of the iai_user role, and also grants the admin_all_objects, configure_iai, rt_search, and schedule_search capabilities.

iai_user

Assign this role to users who need basic read access to Splunk IAI. This role can view spatial views, browse assets, view alerts, and analyze metrics with charts in the Analyze view. Users with this role cannot create, edit, or delete spatial views, metrics, alerts, hierarchies, or operations.

The following table summarizes the read/write/delete abilities for the Splunk IAI roles.

Configure role-based access to indexes

The Splunk platform stores ingested data sources in multiple indexes. Distributing data into multiple indexes allows you to use role-based access controls and vary retention policies for data sources. For more information on using multiple indexes, see Why have multiple indexes? in Splunk Enterprise Managing Indexers and Clusters of Indexers.

The Splunk platform configures most roles to search only the main index by default when no index is specified. You can add additional indexes to the set of indexes searched by default by members of a specific role.

You can also restrict which indexes members of a role are able to search. Restricting access to indexes is useful for establishing role-based access controls for certain data sets in your organization. For example, you can create a custom role that inherits the iai_user role and restrict the set of indexes that members of this custom role are permitted to search. Restricting access to indexes allows you to ensure that different business units in your organization see only the data that is relevant to them.

To specify which indexes your Splunk IAI users are allowed to search and which indexes they search by default, assign the indexes that contain relevant metric and alarms data to custom roles that inherit the iai_user role.

Prerequisite
Your role must have the edit_roles capability.

Steps

1. Select Settings > Access Controls.
2. Click Roles.
3. Click New Role.
4. Type a Name for the role.
5. Under Inheritance click iai_user. Inheriting the iai_user role gives the members of this role read-access to Splunk IAI.
6. Select indexes in the Indexes searched by default list that this role searches by default when no index is specified.
7. Select indexes in the Indexes list that this role is allowed to search.
8. Save your changes.
9. Repeat for additional roles as needed.
10. Add users to the custom role you created.

For more information about working with roles, see About configuring role-based user access in the Securing Splunk Enterprise manual.