Manage role-based access to Splunk Industrial Asset Intelligence
To manage role-based access in Splunk Industrial Asset Intelligence (IAI), use the access control system built into the Splunk platform for authentication and authorization. Splunk platform administrators use this access control system to add users, assign users to roles, and assign those roles custom capabilities to provide limited, role-based access control for your organization.
Splunk IAI roles
Splunk IAI adds two roles to the default roles provided by the Splunk platform. These roles allow a Splunk platform administrator to assign access to specific functions in Splunk IAI based on a user's access requirements.
- Assign this role to Splunk IAI administrators. Users with this role can create and manage asset hierarchies, operations, groups, calculated metrics, alerts, and views. This role inherits all the abilities of the
iai_userrole, and also grants the
- Assign this role to users who need basic read access to Splunk IAI. This role can view spatial views, browse assets, view alerts, and analyze metrics with charts in the Analyze view. Users with this role cannot create, edit, or delete spatial views, metrics, alerts, hierarchies, or operations.
The following table summarizes the read/write/delete abilities for the Splunk IAI roles.
Configure role-based access to indexes
The Splunk platform stores ingested data sources in multiple indexes. Distributing data into multiple indexes allows you to use role-based access controls and vary retention policies for data sources. For more information on using multiple indexes, see Why have multiple indexes? in Splunk Enterprise Managing Indexers and Clusters of Indexers.
The Splunk platform configures most roles to search only the
main index by default when no index is specified. You can add additional indexes to the set of indexes searched by default by members of a specific role.
You can also restrict which indexes members of a role are able to search. Restricting access to indexes is useful for establishing role-based access controls for certain data sets in your organization. For example, you can create a custom role that inherits the
iai_user role and restrict the set of indexes that members of this custom role are permitted to search. Restricting access to indexes allows you to ensure that different business units in your organization see only the data that is relevant to them.
To specify which indexes your Splunk IAI users are allowed to search and which indexes they search by default, assign the indexes that contain relevant metric and alarms data to custom roles that inherit the
Your role must have the
- Select Settings > Access Controls.
- Click Roles.
- Click New Role.
- Type a Name for the role.
- Under Inheritance click iai_user. Inheriting the
iai_userrole gives the members of this role read-access to Splunk IAI.
- Select indexes in the Indexes searched by default list that this role searches by default when no index is specified.
- Select indexes in the Indexes list that this role is allowed to search.
- Save your changes.
- Repeat for additional roles as needed.
- Add users to the custom role you created.
For more information about working with roles, see About configuring role-based user access in the Securing Splunk Enterprise manual.
Share data in Splunk Industrial Asset Intelligence
Add Splunk Industrial Asset Intelligence accounts manually
This documentation applies to the following versions of Splunk® Industrial Asset Intelligence (Legacy): 1.1.0, 1.1.1, 1.2.1, 1.2.2, 1.3.0
Feedback submitted, thanks!