Splunk Observability Cloud roles 🔗

Splunk Observability Cloud lets you restrict access to certain features to specific groups of users using role-based access control. You assign roles to users. The following tables identify the permissions for the admin and user roles.

Metrics pipeline management 🔗

Permission	admin	power	usage	read_only
View metrics pipeline management metric summary (no ruleset)	Yes	Yes	Yes	Yes
View metrics pipeline management metric summary with rulesets	Yes	Yes	Yes	Yes
Edit default data routing	Yes	No	No	No
Add data routing exception rule	Yes	Yes	No	No
Edit data routing exception rule	Yes	Yes	No	No
Activate, deactivate, or delete data routing exception rule	Yes	Yes	No	No
Add MTS aggregation rule	Yes	Yes	No	No
Edit MTS aggregation rule	Yes	Yes	No	No
Activate, deactivate, or delete MTS aggregation rule	Yes	Yes	No	No
Delete entire metrics pipeline management ruleset	Yes	Yes, if default routing is real-time storage and the user deletes all aggregation rules. No, if default routing is Drop Data and the user deletes all aggregation rules. Metrics pipeline management doesn’t delete the ruleset. An Admin needs to change the routing to real-time storage and delete the ruleset.	No	No

Log Observer and Log Observer Connect 🔗

Permission	admin	power	usage	read_only
View Timeline	Yes	Yes	Yes	Yes
Live Tail	Yes	Yes	Yes	Yes
Search and filter logs	Yes	Yes	Yes	Yes
Aggregate logs	Yes	Yes	Yes	Yes
Create and manage field aliases	Yes	Yes	No	No
View individual log details	Yes	Yes	Yes	Yes
Create and manage log processing rules	Yes	Yes	No	No
Apply processing rules across historical data	Yes	Yes	No	No
Save and share Log Observer queries	Yes	Yes	No	No
Add logs data to Splunk Observability Cloud dashboards	Yes	Yes	Yes	No
Transform data with log processing rules	Yes	Yes	No	No
Create and manage log metricization rules	Yes	Yes	No	No
Create new S3 connection to allow infinite logging rules	Yes	No	No	No
Create and manage infinite logging rules	Yes	Yes - after admin creates S3 connection	No	No
View org subscription usage	Yes	No	Yes	No
Set up Log Observer Connect connection to Splunk platform	Yes	No	No	No

Alerts and detectors 🔗

Permission	admin	power	usage	read_only
View alerts	Yes	Yes	Yes	Yes
Create a new detector	Yes	Yes	No	No
Resolve an alert	Yes	Yes	No	No
Subscribe to notifications for a detector	Yes	Yes	No	No
View detectors	Yes	Yes	Yes	Yes
Manage subscriptions for a detector	Yes	Yes	No	No
Update permissions for a detector	Yes	Yes	No	No
Link a detector to teams	Yes	Yes	No	No
Delete, edit, mute, or clone a detector	Yes	Yes	No	No
Disable, clone, or update an AutoDetect detector	Yes	Yes	No	No
View muting rules for a detector	Yes	Yes	Yes	Yes
Create or delete muting rules for a detector	Yes	Yes	No	No

Infrastructure Monitoring navigators 🔗

Permission	admin	power	usage	read_only
View navigator	Yes	Yes	Yes	Yes
Edit navigator	Yes	Yes	No	No
Delete navigator	Yes	No	No	No

Infrastructure Monitoring dashboards 🔗

Permission	admin	power	usage	read_only
View dashboards	Yes	Yes	Yes	Yes
Edit dashboards	Yes	Yes	No	No
Delete dashboards	Yes	Yes	No	No

Splunk Synthetic Monitoring 🔗

Permission	admin	power	usage	read_only
Create, delete, or update test	Yes	Yes	No	No
Read test	Yes	Yes	Yes	Yes
Create or delete private location	Yes	No	No	No
Read private location	Yes	Yes	Yes	Yes
Create, read, or delete private location token	Yes	No	No	No
Create, read, or delete runners	Yes	No	No	No

Splunk Real User Monitoring 🔗

Permission	admin	power	usage	read_only
View RUM homepage	Yes	Yes	Yes	Yes
Create detector	Yes	Yes	No	No
View session search	Yes	Yes	Yes	Yes
View app overview dashboard	Yes	Yes	Yes	Yes
View tag spotlight	Yes	Yes	Yes	Yes
View session detail page	Yes	Yes	Yes	Yes
View URL grouping rule	Yes	Yes	Yes	Yes
Create, delete, or deactivate URL grouping rule	Yes	Yes	No	No
Edit or filter URL grouping rule	Yes	Yes	No	No

Splunk Application Performance Monitoring 🔗

Permission	admin	power	usage	read_only
View MetricSets	Yes	Yes	Yes	Yes
Create, edit, and delete MetricSets	Yes	No	No	No
View Business Workflows	Yes	Yes	Yes	Yes
Create, edit, and delete Business Workflows	Yes	No	No	No
View extended trace retention settings	Yes	Yes	Yes	Yes
Configure extended trace retention settings	Yes	No	No	No

Settings 🔗

General settings 🔗

Note

If enhanced team security is enabled, some of these permissions may change if a user is also designated as a Team Manager. Team Manager is not part of RBAC; it provides a user with additional permissions for managing a specific team. For details, see Team roles and permissions.

Permission	admin	power	usage	read_only
View General Settings	Yes	No	No	No
View Organization Overview	Yes	No	No	No
View org access tokens	Yes	Yes	Yes	Yes
Create, activate, edit, or deactivate an org access token	Yes	No	No	No
View org subscription usage	Yes	No	Yes	No
View Users	Yes	Yes	Yes	Yes
Invite, edit, or remove users	Yes	No	No	No
View Teams	Yes	Yes	Yes	Yes
Create or delete team	Yes	No	No	No
Edit team name and description	Yes	Yes	No	No
Join team	Yes	Yes, when enhanced team security is disabled No, when enhanced team security is enabled. A user must be added by an Admin or Team Manager	No	No
Add or remove team member	Yes	No. Unless enhanced team security is enabled and the user is designated as a Team Manager.	No	No
Edit notification policy	Yes	No	No	No

Data configuration 🔗

Permission	admin	power	usage	read_only
View Global Data Links	Yes	Yes	Yes	Yes
Create, delete, or clone Global Data Links	Yes	No	No	No
View APM MetricSets	Yes	Yes	Yes	Yes

Help and support 🔗

Permission	admin	power	usage	read_only
Show Chat	Yes	Yes	Yes	Yes
Training	Yes	Yes	Yes	Yes

Was this topic useful?

Was this documentation topic helpful?

Enter your email address if you would like someone from the documentation team to reply to your question or suggestion.

Please provide your comments here. Ask a question or make a suggestion.

Comment should have minimum 5 characters and maximum of 1000 characters.

Feedback submitted, thanks!