Splunk Cloud Platform

Search Experience preview

This documentation does not apply to the most recent version of Splunk Cloud Platform. For documentation on the most recent version, go to the latest release.

Grant users access to indexes in Search Experience preview

As an admin in the Search Experience preview, you can grant other users access to indexes from your Splunk Cloud Platform deployment.

Prerequisite You must establish a connection between your current Splunk Cloud deployment and the Search Experience preview before you can permission the indexes. See Connecting your Splunk Cloud deployment to Splunk Cloud Experience.

If you want to give some users access to a set of indexes and another set of users access to a different set of indexes, see How to give different types of access to different users.

Add yourself to the tenant users group

To edit the list of users on your tenant, as an admin you must add yourself to the Tenant Users group:

  1. Login to the Search Experience preview as an admin.
  2. In the Cloud Console, click Groups, as shown in the following image:
    This image shows the tabs in the Cloud Console. The tabs are Home, Users, Groups, Roles, and Subscriptions.

  3. In the Name column, find the Tenant Users group and select the corresponding More options icon This image shows an icon with three dots in a vertical column..
  4. Click Edit Group.
  5. On the Edit Users step, select your name.
  6. Click Next.
  7. On the Review and Confirm step, verify the group name and your name and click Save and Close.

Share indexes with a group

To share access to your indexes, you must complete the following tasks:

  • Create an access role
  • Create a group
  • Assign roles to the group
  • Add users to the tenant name.users group
  • Invite users to the tenant

The steps for these tasks are described in the following sections.

If you plan to grant different types of access to different users, read How to give different types of access to different users before completing these steps.

Create an access role for each index

You need to create an access role for each index that you have made available from your Splunk Cloud Platform deployment:

  1. In the Splunk Cloud Console, click Home to access the Home page in the Search Experience preview.
  2. Click Datasets and select an index that you want to share.
    This image shows the Home page with the Datasets option highlighted.

  3. Click Create Access Role, which creates a role for the selected index.
    This image shows the right pane on the Datasets page, which shows Access Role  information.

  4. Under Access Role, click the Copy to clipboard icon.
    This image shows the access role information. The copy icon, which looks like two pages, is highlighted.

    To grant access to other indexes, you must create a separate access role for each index. You might want to paste the Access Role information into a notepad to keep track of the roles you create.

Create a new user group

Create one or more user groups. Groups control which users have access to each index. A user can be part of more than one group.

  1. Click the Settings icon This image shows an icon that looks like a gear. and select Cloud Console. The Cloud Console opens in a new browser tab.
  2. In the Cloud Console, click Groups.
  3. Click + New Group.
    This image shows the New Group button.

  4. On the Set Group Name step, specify a unique name for the Group Name.

    Use a name that it is similar to the index that you plan to share. This name can't be changed later.

    This image shows the first step, Set Group Name, when creating a new group. The other steps are 'Select Users" and "Review and Confirm".

  5. Click Next.
  6. On the Select Users step, at this point in the setup there are no other users on the tenant. You will assign users to the group in a later step. Your name is already selected. Click Next.
  7. On the Review and Confirm step, verify the group name and your name, and click Create.

Assign a group to an access role

Assign a user groups to the access role for an index.

  1. In the Cloud Console, click Roles.
  2. Click Manage Assignments.
  3. Check the user group that you created and click Next.
  4. Assign the group to one or more access roles. These are the access roles that you copied to the clipboard in an earlier step. Check the access roles that you created for the indexes. For example, if you want this group to have access to three indexes, check those three access roles.
  5. Click Save.
  6. To manage role assignments for a different group, click Manage Assignments again and repeat the assignment steps until you have assigned all the groups that you created to an access role.

Invite users to the tenant

After you manage the role assignments, you are ready to invite users to the Search Experience preview.

When you invite users to the tenant, you specify which group you want the users to have access to. For example, if you want userA to have access to group1 and group2, you must invite userA once for group1 and again for group2

In addition to adding users to the groups you created, you must add users to the group for your specific tenant which is the <tenant name>.users. The name of the tenant users group is the same as the name of the Cloud stack in Splunk Cloud Platform deployment. For example, if the name of your Cloud stack is splk_test_icx_01, the name of the tenant users group is splk_test_icx_01.users.

  1. In the Cloud Console, click Users.
  2. Click + Invite User.
  3. Type the email address for the first user and press Enter. Type the email address for the next user and and press Enter. Continue to add users until all of the users that you want to invite for a specific group are added.
  4. In the Available groups list, check the groups that you want to invite these users to:
    • Select the group that you created for the role
    • Select the <tenant name>.users group

    This image shows the Invite Users dialog box. An email address has been added and two groups are selected.

  5. Optional. Type a note to the users that explains why they are receiving this email invitation.
  6. Click Next.
  7. Confirm the email addresses and click Send Invite.
  8. If you created multiple groups for different users, you need to repeat these steps for each group that you want to assign users to.

Modify access to the indexes

After the initial setup, you can make create new groups and adjust user access.

Verify a user has access to the tenant

  1. In the Cloud Console, click Users.
  2. Use the Search for users box tot look for the user name.
  3. If the user name does not appear in the list, see Invite users to the tenant.

Add existing users to a different group

If a user is already invited to the tenant, they have access to at least one group. You can add the user to a different group:

  1. In the Cloud Console, click Groups.
  2. Next to the group you want to modify, select the More options icon This image shows an icon with three dots in a vertical column..
  3. Click Edit Group.
  4. On the Edit Users step, select the users that you want to add to the group.
  5. Click Next.
  6. On the Review and Confirm step, verify the group name and user names and click Save and Close.

Do not add users to the Tenant Admins, Tenant Users, or EC Admin. groups. These are groups only for admins.

How to give different types of access to different users

There might be situations, such as for security reasons, where you need to give different types of access to the indexes on your current Splunk Cloud deployment to your users.

The following scenario describes how you accomplish this when you grant permissions in the Search Experience preview.

Setting up the connection to the Splunk Cloud Platform deployment indexes

Suppose that when you set up the connection, you shared three indexes from your current Splunk Cloud deployment with your service account (service_acct_scp). Those indexes are:

  • index_a
  • index_b
  • index_d

The following table shows your security requirements:

User Access
userA Is authorized to access index_a and index_b
userB Is authorized to access index_b
userC Is not authorized to access any of the indexes

Permissioning your indexes in the Search Experience preview

You follow the detailed steps in the section Sharing one or more indexes with a group section, with the following adjustments:

  1. You create three separate roles. Use the Create access role button on the Datasets page for each of the three indexes.
  2. You create two groups, group1 and group2 by creating the appropriate groups in the Cloud Console:
    • The group1 group contains the roles for index_a and index_b.
    • The group2 group contains the role for index_b.
  3. Give your users access to the indexes:
    • userA needs view access to both index_a and index_b and is added to group1.
    • userB needs view access to index_b is added to group2.
    • userC does not need access to any index and is not added to any group.

The following diagram illustrates these settings:

This diagram shows...

Next step

Now that you have granted permission to your deployment indexes, you can:

Last modified on 26 January, 2023
Connecting your Splunk Cloud deployment to Search Experience preview   Install and refresh the sample data

This documentation applies to the following versions of Splunk Cloud Platform: search2preview


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters