Splunk® Enterprise

Securing Splunk Enterprise

Acrobat logo Download manual as PDF


Splunk Enterprise version 8.1 will no longer be supported as of April 19, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Manage Splunk user roles with LDAP

To configure the Splunk platform to use LDAP authentication, you must first create a Splunk strategy for each LDAP server and then map Splunk roles to the groups on the LDAP server. When a user attempts to log in, the Splunk platform queries the servers to find the user. It grants the user permissions based on the roles that the user holds, based on what you have mapped to corresponding LDAP groups.

If you need to change the permissions that a user has, you have several options:

  • To change the permissions for a group of users, you can remap the LDAP group to a different Splunk role. You can also update the role itself to specify a different set of permissions or capabilities for it. You do this on the Splunk platform.
  • To change the permissions for an individual user, you can move the user to an LDAP group that you have mapped to a different Splunk role. You do this on the LDAP server.

Here are some example user management activities:

  • To assign a Splunk role to a user: First, in Splunk Web, confirm that you've mapped the Splunk role to an LDAP group. Then, on your LDAP server, add the user to that LDAP group.
  • To remove a Splunk role from a user: On your LDAP server, remove the user from the corresponding LDAP group.

A user can hold several roles. In that case, the user has access to all the capabilities available for those roles. For example, if the user is a member of both the docs and eng groups, and docs is mapped to "user" and eng is mapped to "admin", the user obtains all permissions assigned to both the "user" or "admin" roles.

The Splunk platform checks LDAP membership information when a user attempts to log in. You do not need to reload the authentication configuration when you add or remove users.

Last modified on 24 April, 2021
PREVIOUS
Set up user authentication with LDAP
  NEXT
LDAP prerequisites and considerations

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.5, 8.0.10, 7.2.1, 7.0.1, 8.0.4, 8.0.9, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0, 8.0.6, 8.0.7, 8.0.8


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters