Splunk user roles decide what the user can see, do, interact with Splunk with the access. Three General roles are mentioned below:
-
- Administrator: role is the powerful role in the list of roles; – install app- ingest data- create knowledge objects for all users
- Power User: create and share knowledge objects for users of an app and do real time searches. – this is in general people get to create alert and dashboards.
- User role – can see only their own knowledge objects and those shared with them.
Each Organization has a config on having the types of user roles based on the hierarchy, billing, usage and may not be same across!