Splunk roles decide what the user can see, do, interact with Splunk with the access.
-
- Admin: role is the powerful role in the list of roles.
- install app
- ingest data
- create knowledge objects for all users
- Power: create and share knowledge objects for users of an app and do real time searches.
- this is in general people get to create alert and dashboards.
- User: can see only their own knowledge objects and those shared with them.
- Admin: role is the powerful role in the list of roles.
Each Organization has a config on having the types of user roles based on the hierarchy, billing, usage and may not be same across!
Note: Splunk enterprise roles varies bit form Splunk cloud roles including few more cloud specific roles.