About users and roles
You can create users with passwords and assign them to roles that you have created. Splunk Enterprise Free does not support user authentication.
Splunk Enterprise supports three types of authentication systems, which are described in the Securing Splunk Enterprise manual.
- Native authentication. See "Set up user authentication with Splunk Enterprise native authentication" for more information.
- LDAP. Splunk supports authentication with its internal authentication services or your existing LDAP server. See "Set up user authentication with LDAP" for more information.
- Scripted authentication API. Use scripted authentication to connect Splunk native authentication with an external authentication system, such as RADIUS or PAM. See "Set up user authentication with external systems" for more information.
Users are assigned to roles. A role contains a set of capabilities. Capabilities specify what actions are available to roles. For example, capabilities determine whether someone with a particular role is allowed to add inputs or edit saved searches. The various capabilities are listed in "About defining roles with capabilities" in the Securing Splunk Enterprise manual.
By default, Splunk Enterprise comes with the following roles predefined:
- admin -- this role has the most capabilities assigned to it.
- power -- this role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
- user -- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
- can_delete -- This role allows the user to delete by keyword. This capability is necessary when using the delete search operator.
Note Do not edit the predefined roles. Instead, create custom roles that inherit from the built-in roles, and modify the custom roles as required.
For detailed information on roles and how to assign users to roles, see the chapter "Users and role-based access control" in the Securing Splunk Enterprise manual.
Find existing users and roles
To locate an existing user or role in Splunk Web, use the Search bar at the top of the Users or Roles page in the Access Controls section by selecting Settings > Access Controls. Wildcards are supported. By default Splunk Enterprise searches in all available fields for the string that you enter. To search a particular field, specify that field. For example, to search only email addresses, type "email=<email address or address fragment>:, or to search only the "Full name" field, type "realname=<name or name fragment>. To search for users in a given role, use "roles=".
Managing app and add-on configurations and properties
Configure user language and locale
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4