Splunk Cloud

Splunk Cloud User Manual

Manage Splunk Cloud users and roles

Splunk Cloud administrators can create users and assign roles to them. Roles are named collections of capabilities that determine the access and permissions of any user assigned that role. Splunk Cloud comes with predefined user accounts and roles. You can also create custom user accounts and roles.

User accounts that have multiple roles inherit properties from the role with the broadest permissions, as follows.

  • Search filters: Users that are assigned multiple roles inherit the capabilities from all assigned roles. For example, if you define two roles with different search filters, and a user account is assigned both roles, then the search filters and restrictions of both roles apply to the user. If a user that has no search restrictions is assigned a role that has search restrictions, the user inherits the search restrictions.
  • Allowed indexes: Users who have multiple roles with multiple indexes assigned get the highest level of index access assigned for any of the roles. For example, if a user is assigned both the "user" role, which limits index access to a single index, and the "power" role, which allows access to all indexes, the user has access to all indexes. If you want the same user account to inherit capabilities from a different "advanced user" role, but nothing more, create a new role specifically for that user.
  • Capabilities: Users who have multiple roles with multiple capabilities inherit the combined capabilities of all roles. For example, if an administrator creates a user account and assigns the "administrator" role with 15 capabilities, and also assigns the "advanced user" role with a different set of 15 capabilities, the user account has the combined 30 capabilities of both roles.
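
The merge rules above can be modeled to review what a user ends up with before a role is assigned. The following is an added example, not Splunk code: the "soc_tier1" role, the capability names, and the filter string are constructed sample data, and "*" is assumed to stand for all indexes. It also follows the role-to-role inheritance described under Manage Splunk Cloud roles.

```python
# Added example; the role definitions below are constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Role:
    capabilities: set = field(default_factory=set)
    indexes: set = field(default_factory=set)     # "*" = all indexes (assumption)
    search_filter: str = ""                       # "" = no restriction
    inherits: tuple = ()                          # parent role names

ROLES = {
    "user": Role({"search"}, {"main"}),
    "power": Role({"schedule_search", "rtsearch"}, {"*"}, inherits=("user",)),
    "soc_tier1": Role(set(), {"security"}, "sourcetype=auth*", ("user",)),
}

def resolve(name, roles, seen=None):
    """Capabilities and indexes of one role, following inheritance."""
    seen = set() if seen is None else seen
    if name in seen:                  # inheritance cycle: stop here
        return set(), set()
    seen.add(name)
    caps, idx = set(roles[name].capabilities), set(roles[name].indexes)
    for parent in roles[name].inherits:
        p_caps, p_idx = resolve(parent, roles, seen)
        caps, idx = caps | p_caps, idx | p_idx
    return caps, idx

def effective_access(assigned, roles=ROLES):
    """Union of capabilities and indexes; each assigned role's filter applies."""
    caps, idx, filters = set(), set(), set()
    for name in assigned:
        r_caps, r_idx = resolve(name, roles)
        caps, idx = caps | r_caps, idx | r_idx
        if roles[name].search_filter:
            filters.add(roles[name].search_filter)
    idx = {"*"} if "*" in idx else idx    # all-index access absorbs the rest
    return {"capabilities": caps, "indexes": idx, "search_filters": filters}

def widening(assigned, baseline, roles=ROLES):
    """What each assigned role grants beyond the intended baseline role."""
    base, report = effective_access([baseline], roles), {}
    for name in assigned:
        acc = effective_access([name], roles)
        extra = {k: acc[k] - base[k] for k in ("capabilities", "indexes")}
        extra["indexes"] = set() if "*" in base["indexes"] else extra["indexes"]
        if any(extra.values()):
            report[name] = extra
    return report
```

Calling `widening(["soc_tier1", "power"], "soc_tier1")` shows that adding the "power" role is what opens all indexes to an account that was meant to be limited to the baseline role.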

Manage Splunk Cloud users

You administer users from the Users page in Splunk Web.

Do not delete or edit the Splunk Cloud system user roles: admin, app-installer, index-manager, internal_ops_admin, and internal_monitoring. Splunk uses these system user roles to perform essential monitoring and maintenance activities. See the section System User Roles in this topic for more information.

Create a Splunk Cloud user account

To create an account for a Splunk Cloud user, perform the following steps:

  1. Go to Settings > Access controls.
  2. In the Users row, click Add New.
  3. Enter a name for the user account in the Username field.
  4. Enter the first and last name of the user in the Full name field.
  5. Enter an email address at which you can contact the user in the Email address field.
  6. Select the time zone for the user. This optionally allows users to view events and other information in their local time zone.
  7. (Optional) Set a default app if you want to override the default app that launches after the user logs in. If unset, the user account inherits the default app that belongs to the role.
  8. Assign at least one role to the user or select Create a role for this user to create a new role and assign it to the user. A user account with multiple roles inherits permissions from its assigned roles.
  9. Enter a temporary password for the user. The password must contain at least eight characters.
  10. Reenter the temporary password.
  11. Click Save.

The user account appears in the Users page under the Username column. You can contact the user to provide the login credentials needed to access Splunk Cloud. Instruct the user to change the temporary password immediately after the first login.

Invite users to your Splunk Cloud instance

If you have a self-service Splunk deployment, invite users to your Splunk Cloud instance as follows:

  1. Go to Settings > Access controls.
  2. Click Invite Users. The Invite to Splunk dialog is displayed.
  3. Enter the name of the user you want to invite, choose the role to be assigned to the user, and click Send.

If the desired role isn't listed, cancel the invitation, click the manage product roles link, and add the role. Note that the role must also be defined on the Access controls > Roles page.

Change a Splunk Cloud user account

Splunk Cloud administrators can update user settings.

  1. Go to Settings > Access controls.
  2. Click Users.
  3. Click the username for the user that you want to update.
  4. Update the settings and click Save.

Clone a Splunk Cloud user account

Splunk Cloud administrators can clone a user account. The clone operation creates a new user account with the same settings as the cloned user account, except for the username. The username must be unique for each user account.

  1. Go to Settings > Access controls.
  2. Click Users.
  3. Click Clone in the Action column.
  4. Enter a unique username for the user in the Username field.
  5. Optionally, update additional settings.
  6. Click Save.

The new user account appears in the Users page.

Delete a Splunk Cloud user account

Splunk Cloud administrators can delete user accounts.

  1. Go to Settings > Access controls.
  2. Click Users.
  3. Click Delete in the Action column.
  4. Click OK.

Manage Splunk Cloud roles

Each user account is assigned one or more roles. Roles give users permissions to perform tasks in Splunk Cloud based on the capabilities assigned to the role. To manage roles, you must be a Splunk Cloud administrator. Do not edit the predefined roles that are provided by Splunk Cloud. Instead, create custom roles that inherit from the built-in roles, and then modify the custom roles as required.

Do not delete or edit the Splunk Cloud system user roles: admin, app-installer, index-manager, internal_ops_admin, and internal_monitoring. Splunk uses these system user roles to perform essential monitoring and maintenance activities. See the section System User Roles in this topic for more information.

Use roles to:

  • Restrict the scope of searches.
  • Inherit capabilities and available indexes from other roles.
  • Specify user capabilities.
  • Set the default index or indexes to search when no index is specified.
  • Specify which indexes to search.

For more information about capabilities in user roles, see About defining roles with capabilities and List of capabilities in the Securing Splunk Enterprise manual.

Create roles in managed Splunk Cloud deployments

  1. Go to Settings > Access controls.
  2. Click Roles.
  3. Click New.
  4. Complete the Add new role form.
  5. Click Save.

Create roles in self-service Splunk Cloud deployments

  1. Log in to Splunk Cloud and go to Settings > Access Controls.
  2. Click Roles.
  3. Click New and create a custom role with a unique name.
  4. Go to the Splunk Customer Portal and click manage product roles.
  5. Click Add new.
  6. Enter the name of the custom role that you created in Splunk Cloud and click the Save button.

System User Roles

Splunk uses system user roles to perform essential monitoring and maintenance activities.

Do not delete or edit the Splunk Cloud system user roles: admin, app-installer, index-manager, internal_ops_admin, and internal_monitoring.

General abilities of system user roles

The following table provides information about the general abilities of the internal_monitoring and internal_ops_admin system user roles.

internal_ops_admin internal_monitoring
Search internal data x
Search external data
Manage configurations x
Manage authentication
Manage ingestion x
Restart splunk x
Gather internal metadata x x

This documentation applies to the following versions of Splunk Cloud: 6.6.3, 7.0.0, 7.0.2, 7.0.3, 7.0.5, 7.0.8, 7.0.11, 7.1.3, 7.1.6, 7.2.3, 7.2.4, 7.2.6, 7.2.7, 8.0.0
