Docs » Manage users and teams » About roles in Splunk Observability Cloud » Splunk Observability Cloud matrix of roles and capabilities

Splunk Observability Cloud matrix of roles and capabilities πŸ”—

Splunk Observability Cloud lets you restrict access to certain features to specific groups of users using role-based access control. You assign roles to users. The following tables identify the permissions for the admin and user roles.

Metrics pipeline management πŸ”—

Permission

admin

power

usage

read_only

View metrics pipeline management metric summary (no ruleset)

Yes

Yes

Yes

Yes

View metrics pipeline management metric summary with rulesets

Yes

Yes

Yes

Yes

Edit default data routing

Yes

No

No

No

Add data routing exception rule

Yes

Yes

No

No

Edit data routing exception rule

Yes

Yes

No

No

Activate, deactivate, or delete data routing exception rule

Yes

Yes

No

No

Add MTS aggregation rule

Yes

Yes

No

No

Edit MTS aggregation rule

Yes

Yes

No

No

Activate, deactivate, or delete MTS aggregation rule

Yes

Yes

No

No

Delete entire metrics pipeline management ruleset

Yes

Yes, if default routing is real-time storage and the user deletes all aggregation rules. No, if default routing is Drop Data and the user deletes all aggregation rules. Metrics pipeline management doesn’t delete the ruleset. An Admin needs to change the routing to real-time storage and delete the ruleset.

No

No

Log Observer and Log Observer Connect πŸ”—

Permission

admin

power

usage

read_only

View Timeline

Yes

Yes

Yes

Yes

Live Tail

Yes

Yes

Yes

Yes

Search and filter logs

Yes

Yes

Yes

Yes

Aggregate logs

Yes

Yes

Yes

Yes

Create and manage field aliases

Yes

Yes

No

No

View individual log details

Yes

Yes

Yes

Yes

Create and manage log processing rules

Yes

Yes

No

No

Apply processing rules across historical data

Yes

Yes

No

No

Save and share Log Observer queries

Yes

Yes

No

No

Add logs data to Splunk Observability Cloud dashboards

Yes

Yes

Yes

No

Transform data with log processing rules

Yes

Yes

No

No

Create and manage log metricization rules

Yes

Yes

No

No

Create new S3 connection to allow infinite logging rules

Yes

No

No

No

Create and manage infinite logging rules

Yes

Yes - after admin creates S3 connection

No

No

View org subscription usage

Yes

No

Yes

No

Set up Log Observer Connect connection to Splunk platform

Yes

No

No

No

Alerts and detectors πŸ”—

Permission

admin

power

usage

read_only

View alerts

Yes

Yes

Yes

Yes

Create a new detector

Yes

Yes

No

No

Resolve an alert

Yes

Yes

No

No

Subscribe to notifications for a detector

Yes

Yes

No

No

View detectors

Yes

Yes

Yes

Yes

Manage subscriptions for a detector

Yes

Yes

No

No

Update permissions for a detector

Yes

Yes

No

No

Link a detector to teams

Yes

Yes

No

No

Delete, edit, mute, or clone a detector

Yes

Yes

No

No

Disable, clone, or update an AutoDetect detector

Yes

Yes

No

No

View muting rules for a detector

Yes

Yes

Yes

Yes

Create or delete muting rules for a detector

Yes

Yes

No

No

Create, delete, and modify service level objectives (SLOs)

Yes

Yes

No

No

View service level objectives (SLOs)

Yes

Yes

Yes

Yes

Infrastructure Monitoring navigators πŸ”—

Permission

admin

power

usage

read_only

View navigator

Yes

Yes

Yes

Yes

Edit navigator

Yes

Yes

No

No

Delete navigator

Yes

No

No

No

Infrastructure Monitoring dashboards πŸ”—

Permission

admin

power

usage

read_only

View dashboards

Yes

Yes

Yes

Yes

Edit dashboards

Yes

Yes

No

No

Delete dashboards

Yes

Yes

No

No

Splunk Synthetic Monitoring πŸ”—

Permission

admin

power

usage

read_only

Create, delete, or update test

Yes

Yes

No

No

Read test

Yes

Yes

Yes

Yes

Create or delete private location

Yes

No

No

No

Read private location

Yes

Yes

Yes

Yes

Create, read, or delete private location token

Yes

No

No

No

Create, read, or delete runners

Yes

No

No

No

Create, update, or delete downtime configuration

Yes

No

No

No

Read downtime configuration

Yes

Yes

Yes

Yes

Splunk Real User Monitoring πŸ”—

Permission

admin

power

usage

read_only

View RUM homepage

Yes

Yes

Yes

Yes

Create detector

Yes

Yes

No

No

View session search

Yes

Yes

Yes

Yes

View app overview dashboard

Yes

Yes

Yes

Yes

View tag spotlight

Yes

Yes

Yes

Yes

View session detail page

Yes

Yes

Yes

Yes

View URL grouping rule

Yes

Yes

Yes

Yes

Create, delete, or deactivate URL grouping rule

Yes

Yes

No

No

Edit or filter URL grouping rule

Yes

Yes

No

No

Splunk Application Performance Monitoring πŸ”—

Permission

admin

power

usage

read_only

View MetricSets

Yes

Yes

Yes

Yes

Create, edit, and delete MetricSets

Yes

No

No

No

View Business Workflows

Yes

Yes

Yes

Yes

Create, edit, and delete Business Workflows

Yes

No

No

No

View extended trace retention settings

Yes

Yes

Yes

Yes

Configure extended trace retention settings

Yes

No

No

No

Settings πŸ”—

General settings πŸ”—

Note

If enhanced team security is enabled, some of these permissions may change if a user is also designated as a Team Manager. Team Manager is not part of RBAC; it provides a user with additional permissions for managing a specific team. For details, see Team roles and permissions.

Permission

admin

power

usage

read_only

View General Settings

Yes

No

No

No

View Organization Overview

Yes

No

No

No

View org access tokens

Yes

Yes

Yes

Yes

Create, activate, edit, or deactivate an org access token

Yes

No

No

No

View org subscription usage

Yes

No

Yes

No

View Users

Yes

Yes

Yes

Yes

Invite, edit, or remove users

Yes

No

No

No

View Teams

Yes

Yes

Yes

Yes

Create or delete team

Yes

No

No

No

Edit team name and description

Yes

Yes

No

No

Join team

Yes

  • Yes, when enhanced team security is disabled

  • No, when enhanced team security is enabled. A user must be added by an Admin or Team Manager

No

No

Add or remove team member

Yes

No. Unless enhanced team security is enabled and the user is designated as a Team Manager.

No

No

Edit notification policy

Yes

No

No

No

Data configuration πŸ”—

Permission

admin

power

usage

read_only

View Global Data Links

Yes

Yes

Yes

Yes

Create, delete, or clone Global Data Links

Yes

No

No

No

View APM MetricSets

Yes

Yes

Yes

Yes

Help and support πŸ”—

Permission

admin

power

usage

read_only

Show Chat

Yes

Yes

Yes

Yes

Training

Yes

Yes

Yes

Yes

This page was last updated on Jun 07, 2024.