product
service
- Simple Security Consulting [Consulting]
- Splunk SOAR Automation Assessment Service [Consulting]
- Dashboard/SPL Creation Pack [Implementation/Building Support]
- Version upgrade service [implementation and construction support]
- Splunk Premium Apps construction support service [implementation and construction support]
- Splunk Security Log Analysis Start Package [Original App/Service]
- Splunk × CrowdStrike Falcon Insight, Macnica Original App [Original App/Service]
- Government uniform standard compatible App [Original App/Service]
- Smart Security Monitoring App [Original App/Service]
- Splunk × LANSCOPE Original App [Original App/Service]
- Security Monitoring App for Box [Original App/Service]
- Cloud Security Monitoring App [Original App/Service]
- SIEM Operation Monitoring Service [Original App/Service]
- List of services
- Macnica Premium Support for Splunk (utilization support, version upgrade monitoring)
- Macnica Premium Support for Splunk Skill Up Package
Specifications/Technical Information
Application for evaluation machine
- FAQ
Role specification and creation procedure
- release date
- 2015-05-06
- last updated
- 2023-12-01
- version
- Splunk Enterprise 9.0.3
- Overview
- Description of default role specifications, procedures for creating new roles
- Reference information
- content
-
Specifications of default roles
There are four types of roles provided by default in Splunk:
- admin:
This is an administrator role. Permissions required to manage things like importing data and changing settings are assigned. - power:
A role that allows sharing searches, alerts, tags, and event types with other users. - user:
This is a role for general users. Basically, it is assumed that searches are performed in the environment prepared by the administrator, and setting changes are not permitted. - can_delete:
A role that is permitted to execute the delete command for imported data.
In addition, "splunk-system-role" is a role used inside the system, and it is not recommended to assign it to users.
The privileges are the same as the admin role, but the settings for "Search Limits" are different, such as the search time range and number of simultaneous search jobs, etc., compared to the admin role.
For specific differences, please check the Splunk Web settings below.
- Settings > Roles > admin "Search Restrictions"
- Settings > Role > splunk-system-role "Search Restrictions"
Procedure for creating a new role
If you want to assign fine-grained permissions to users, you need to create a new role and select the permissions you want to assign.
After deciding the authority you want to assign, create a new role by following the setting procedure below.
[New role setting procedure]
- Access Splunk Web as the admin user.
- Click Settings > Roles > New Role.
- Check the permissions you want to use from the "1. Inheritance" and "2. Permissions" lists.
- On the "4. Index" tab, specify the index that can be searched by the user who will be assigned the role being created.
After creating the role, assign the role to the user by following the setting procedure below.
[New user creation procedure]
- Access Splunk Web as the admin user.
- Click Settings > Users > New User.
- Select the role you want to assign to "Selected Roles" and click "Save".
With the above settings, it is possible to create a role and create a user to assign it.
that's all
- admin:
In charge of Macnica Splunk Co., Ltd.
- TEL:045-476-2010
- E-mail:splunk-sales@macnica.co.jp
Mon-Fri 8:45-17:30
