Splunk® Industrial Asset Intelligence (Legacy)

Install and Upgrade Splunk Industrial Asset Intelligence

Acrobat logo Download manual as PDF

Splunk Industrial Asset Intelligence reached its End of Sale on February 24, 2020.
Acrobat logo Download topic as PDF

Manage role-based access to Splunk Industrial Asset Intelligence

To manage role-based access in Splunk Industrial Asset Intelligence (IAI), use the access control system built into the Splunk platform for authentication and authorization. Splunk platform administrators use this access control system to add users, assign users to roles, and assign those roles custom capabilities to provide limited, role-based access control for your organization.

Splunk IAI roles

Splunk IAI adds two roles to the default roles provided by the Splunk platform. These roles allow a Splunk platform administrator to assign access to specific functions in Splunk IAI based on a user's access requirements.

Assign this role to Splunk IAI administrators. Users with this role can create and manage asset hierarchies, operations, groups, calculated metrics, alerts, and views. This role inherits all the abilities of the iai_user role, and also grants the admin_all_objects, configure_iai, rt_search, and schedule_search capabilities.
Assign this role to users who need basic read access to Splunk IAI. This role can view spatial views, browse assets, view alerts, and analyze metrics with charts in the Analyze view. Users with this role cannot create, edit, or delete spatial views, metrics, alerts, hierarchies, or operations.

The following table summarizes the read/write/delete abilities for the Splunk IAI roles.

Object iai_admin iai_user
Operations read/write/delete read
Asset hierarchies read/write/delete read
Assets read read
Groups read/write/delete read
Raw metrics read read
Calculated metrics read/write/delete read
Alerts read/write/delete read
Monitor views read/write/delete read

Configure role-based access to indexes

The Splunk platform stores ingested data sources in multiple indexes. Distributing data into multiple indexes allows you to use role-based access controls and vary retention policies for data sources. For more information on using multiple indexes, see Why have multiple indexes? in Splunk Enterprise Managing Indexers and Clusters of Indexers.

The Splunk platform configures most roles to search only the main index by default when no index is specified. You can add additional indexes to the set of indexes searched by default by members of a specific role.

You can also restrict which indexes members of a role are able to search. Restricting access to indexes is useful for establishing role-based access controls for certain data sets in your organization. For example, you can create a custom role that inherits the iai_user role and restrict the set of indexes that members of this custom role are permitted to search. Restricting access to indexes allows you to ensure that different business units in your organization see only the data that is relevant to them.

To specify which indexes your Splunk IAI users are allowed to search and which indexes they search by default, assign the indexes that contain relevant metric and alarms data to custom roles that inherit the iai_user role.

Your role must have the edit_roles capability.


  1. Select Settings > Access Controls.
  2. Click Roles.
  3. Click New Role.
  4. Type a Name for the role.
  5. Under Inheritance click iai_user. Inheriting the iai_user role gives the members of this role read-access to Splunk IAI.
  6. Select indexes in the Indexes searched by default list that this role searches by default when no index is specified.
  7. Select indexes in the Indexes list that this role is allowed to search.
  8. Save your changes.
  9. Repeat for additional roles as needed.
  10. Add users to the custom role you created.

For more information about working with roles, see About configuring role-based user access in the Securing Splunk Enterprise manual.

Last modified on 23 January, 2019
Share data in Splunk Industrial Asset Intelligence
Add Splunk Industrial Asset Intelligence accounts manually

This documentation applies to the following versions of Splunk® Industrial Asset Intelligence (Legacy): 1.1.0, 1.1.1, 1.2.1, 1.2.2, 1.3.0

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters