Splunk® App for Infrastructure (Legacy)

Administer Splunk App for Infrastructure

Admin and user roles in Splunk App for Infrastructure

The Splunk App for Infrastructure (SAI) supports three pre-defined user roles: admin, power, and user. If you are a Splunk Cloud user, SAI supports the sc_admin role instead of the admin role. You cannot create custom roles or modify capabilities for a role in SAI.

SAI checks for pre-defined role names in a user or group. If a pre-defined role is not directly associated with a user or group, SAI doesn't recognize the capabilities for a pre-defined role. This means if you inherit a pre-defined role in a custom role, SAI doesn't recognize the capabilities of the pre-defined role in the custom role.

When logged in to SAI, the roles have the following permissions.

admin role permissions

Permitted to Not permitted to
  • Create, read, update, delete notification settings (email, VictorOps, Slack and custom webhook)
  • Create, read, update, delete groups
  • Read, delete entities
  • Access and configure all Add Data pages
  • Create, read, update, delete alerts
  • Save workspaces as dashboards
  • N/A

sc_admin role permissions

Ensure that each sc_admin user is assigned the sc_admin and power roles. To do so, log in as an sc_admin user. Follow these steps to confirm roles.

  1. From Splunk Web, go to Settings > Access controls.
  2. Click Users.
  3. For each sc_admin user, verify the roles In the Roles column.
  4. If an sc_admin user is not assigned the power role, click Edit for the user in the Actions column.
  5. For Assign to roles, move the power role to the Selected item(s) cell.
  6. Click Save.

An sc_admin user with the sc_admin and power roles has the following permissions in SAI.

Permitted to Not permitted to
  • Create, read, update, delete notification settings (email, VictorOps, Slack and custom webhook)
  • Create, read, update, delete groups
  • Read, delete entities
  • Access and configure all Add Data pages
  • Create, read, update, delete alerts
  • Save workspaces as dashboards
  • N/A

power role permissions

Permitted to Not permitted to
  • Create, read, update, delete groups
  • Read, delete entities
  • Access and configure all Add Data pages
  • Create, read, update, delete email, Slack, and custom webhook alerts
  • Read and delete VictorOps alerts
  • Save workspaces as dashboards
  • Create, read, update, delete notification settings (email, VictorOps, Slack and custom webhook)
  • Create and update VictorOps alerts

user role permissions

Permitted to Not permitted to
  • Create, read, update groups
  • Read entities
  • Read alerts
  • Create, read, update, delete notification settings (email, VictorOps, Slack, and custom webhook)
  • Delete groups
  • Delete entities
  • Access all Add Data pages
  • Create, update, delete alerts
  • Save workspaces as dashboards
Last modified on 07 July, 2020
Create and modify alerts in Splunk App for Infrastructure   Integrating the Splunk App for Infrastructure with ITSI

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters