Splunk Cloud Platform

Securing Splunk Cloud Platform

Manage roles in the New Search and Dashboards Experience

On the Splunk platform, as an administrator, you can assign roles to users using groups. Groups and roles determine the level of access that those users have to the platform and the tasks that they can perform on the platform. Splunk Cloud Platform comes with a set of default groups and roles, and you can also create your own custom groups and roles that you can tailor to the needs of your organization.

Roles can contain one or more capabilities that provide access to specific parts of the Splunk platform. A user that holds a role receives all of the capabilities that come with the role. Additionally, roles can inherit capabilities from other roles.

You can use groups and roles for the following security-related tasks:

  • To restrict the scope of searches.
  • To inherit capabilities and available indexes from other roles.
  • To specify user capabilities.
  • To set the default index or indexes that a user is to search when they do not specify an index in their search command.
  • To specify which indexes that a user can search.

In the New Search and Dashboards Experience, you create a role in a different way than you do on Splunk Cloud Platform. When you visit the Roles page in Splunk Cloud Platform, a link appears to manage groups and roles in the new experience.

For more information about capabilities in user roles, see About defining roles with capabilities and List of capabilities.

Manage roles in the New Search and Dashboards Experience (Preview)

  1. Log into the Splunk Cloud Platform instance as a user with rights to manage roles..
  2. From the system bar, select Settings > Roles. The "Roles" page loads.
  3. Select Manage the New Splunk Cloud Platform Experience (Preview) Groups and Roles
  4. See Manage groups and roles in the Splunk Cloud Console manual for continued instructions on the procedure.
Last modified on 15 September, 2022
Create and manage roles with Splunk Web   Find existing users and roles

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312, 9.2.2403

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters