Splunk Observability Cloud matrix of roles and capabilities π
Splunk Observability Cloud lets you restrict access to certain features to specific groups of users using role-based access control. You assign roles to users. The following tables identify the permissions for the admin and user roles.
Metrics pipeline management π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View metrics pipeline management metric summary (no ruleset) |
Yes |
Yes |
Yes |
Yes |
View metrics pipeline management metric summary with rulesets |
Yes |
Yes |
Yes |
Yes |
Edit default data routing |
Yes |
No |
No |
No |
Add data routing exception rule |
Yes |
Yes |
No |
No |
Edit data routing exception rule |
Yes |
Yes |
No |
No |
Activate, deactivate, or delete data routing exception rule |
Yes |
Yes |
No |
No |
Add MTS aggregation rule |
Yes |
Yes |
No |
No |
Edit MTS aggregation rule |
Yes |
Yes |
No |
No |
Activate, deactivate, or delete MTS aggregation rule |
Yes |
Yes |
No |
No |
Delete entire metrics pipeline management ruleset |
Yes |
Yes, if default routing is real-time storage and the user deletes all aggregation rules. No, if default routing is Drop Data and the user deletes all aggregation rules. Metrics pipeline management doesnβt delete the ruleset. An Admin needs to change the routing to real-time storage and delete the ruleset. |
No |
No |
Log Observer and Log Observer Connect π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View Timeline |
Yes |
Yes |
Yes |
Yes |
Live Tail |
Yes |
Yes |
Yes |
Yes |
Search and filter logs |
Yes |
Yes |
Yes |
Yes |
Aggregate logs |
Yes |
Yes |
Yes |
Yes |
Create and manage field aliases |
Yes |
Yes |
No |
No |
View individual log details |
Yes |
Yes |
Yes |
Yes |
Create and manage log processing rules |
Yes |
Yes |
No |
No |
Apply processing rules across historical data |
Yes |
Yes |
No |
No |
Save and share Log Observer queries |
Yes |
Yes |
No |
No |
Add logs data to Splunk Observability Cloud dashboards |
Yes |
Yes |
Yes |
No |
Transform data with log processing rules |
Yes |
Yes |
No |
No |
Create and manage log metricization rules |
Yes |
Yes |
No |
No |
Create new S3 connection to allow infinite logging rules |
Yes |
No |
No |
No |
Create and manage infinite logging rules |
Yes |
Yes - after admin creates S3 connection |
No |
No |
View org subscription usage |
Yes |
No |
Yes |
No |
Set up Log Observer Connect connection to Splunk platform |
Yes |
No |
No |
No |
Alerts and detectors π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View alerts |
Yes |
Yes |
Yes |
Yes |
Create a new detector |
Yes |
Yes |
No |
No |
Resolve an alert |
Yes |
Yes |
No |
No |
Subscribe to notifications for a detector |
Yes |
Yes |
No |
No |
View detectors |
Yes |
Yes |
Yes |
Yes |
Manage subscriptions for a detector |
Yes |
Yes |
No |
No |
Update permissions for a detector |
Yes |
Yes |
No |
No |
Link a detector to teams |
Yes |
Yes |
No |
No |
Delete, edit, mute, or clone a detector |
Yes |
Yes |
No |
No |
Disable, clone, or update an AutoDetect detector |
Yes |
Yes |
No |
No |
View muting rules for a detector |
Yes |
Yes |
Yes |
Yes |
Create or delete muting rules for a detector |
Yes |
Yes |
No |
No |
Create, delete, and modify service level objectives (SLOs) |
Yes |
Yes |
No |
No |
View service level objectives (SLOs) |
Yes |
Yes |
Yes |
Yes |
Infrastructure Monitoring dashboards π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View dashboards |
Yes |
Yes |
Yes |
Yes |
Edit dashboards |
Yes |
Yes |
No |
No |
Delete dashboards |
Yes |
Yes |
No |
No |
Splunk Synthetic Monitoring π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
Create, delete, or update test |
Yes |
Yes |
No |
No |
Read test |
Yes |
Yes |
Yes |
Yes |
Create or delete private location |
Yes |
No |
No |
No |
Read private location |
Yes |
Yes |
Yes |
Yes |
Create, read, or delete private location token |
Yes |
No |
No |
No |
Create, read, or delete runners |
Yes |
No |
No |
No |
Create, update, or delete downtime configuration |
Yes |
No |
No |
No |
Read downtime configuration |
Yes |
Yes |
Yes |
Yes |
Splunk Real User Monitoring π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View RUM homepage |
Yes |
Yes |
Yes |
Yes |
Create detector |
Yes |
Yes |
No |
No |
View session search |
Yes |
Yes |
Yes |
Yes |
View app overview dashboard |
Yes |
Yes |
Yes |
Yes |
View tag spotlight |
Yes |
Yes |
Yes |
Yes |
View session detail page |
Yes |
Yes |
Yes |
Yes |
View URL grouping rule |
Yes |
Yes |
Yes |
Yes |
Create, delete, or deactivate URL grouping rule |
Yes |
Yes |
No |
No |
Edit or filter URL grouping rule |
Yes |
Yes |
No |
No |
Splunk Application Performance Monitoring π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View MetricSets |
Yes |
Yes |
Yes |
Yes |
Create, edit, and delete MetricSets |
Yes |
No |
No |
No |
View Business Workflows |
Yes |
Yes |
Yes |
Yes |
Create, edit, and delete Business Workflows |
Yes |
No |
No |
No |
View extended trace retention settings |
Yes |
Yes |
Yes |
Yes |
Configure extended trace retention settings |
Yes |
No |
No |
No |
Settings π
General settings π
Note
If enhanced team security is enabled, some of these permissions may change if a user is also designated as a Team Manager. Team Manager is not part of RBAC; it provides a user with additional permissions for managing a specific team. For details, see Team roles and permissions.
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View General Settings |
Yes |
No |
No |
No |
View Organization Overview |
Yes |
No |
No |
No |
View org access tokens |
Yes |
Yes |
Yes |
Yes |
Create, activate, edit, or deactivate an org access token |
Yes |
No |
No |
No |
View org subscription usage |
Yes |
No |
Yes |
No |
View Users |
Yes |
Yes |
Yes |
Yes |
Invite, edit, or remove users |
Yes |
No |
No |
No |
View Teams |
Yes |
Yes |
Yes |
Yes |
Create or delete team |
Yes |
No |
No |
No |
Edit team name and description |
Yes |
Yes |
No |
No |
Join team |
Yes |
|
No |
No |
Add or remove team member |
Yes |
No. Unless enhanced team security is enabled and the user is designated as a Team Manager. |
No |
No |
Edit notification policy |
Yes |
No |
No |
No |
Data configuration π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
View Global Data Links |
Yes |
Yes |
Yes |
Yes |
Create, delete, or clone Global Data Links |
Yes |
No |
No |
No |
View APM MetricSets |
Yes |
Yes |
Yes |
Yes |
Help and support π
Permission |
admin |
power |
usage |
read_only |
|---|---|---|---|---|
Show Chat |
Yes |
Yes |
Yes |
Yes |
Training |
Yes |
Yes |
Yes |
Yes |