Role-Based Permissions
The following sections and tables outline how Splunk roles map to the App and Add-On permissions.
User Capabilities
If a custom role for a service account is used, the following two capabilities are required for our app to run:
- list_storage_passwords - the list_storage_passwords capability is required for the GET operation.
- admin_all_objects - the admin_all_objects capability is required for the POST operation.
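The following check is an added example, not part of the ThreatQ app or its documentation. It reports which of the two required capabilities a custom service-account role is missing, following `importRoles` inheritance in an `authorize.conf` file. The role names and sample configuration are constructed, and the script reads a single file's text rather than Splunk's merged, layered configuration.

```python
import configparser

# The two capabilities this page lists as required for a custom role.
REQUIRED = ("list_storage_passwords", "admin_all_objects")

# Constructed sample authorize.conf; the role names are hypothetical.
SAMPLE_CONF = """
[role_tq_base]
list_storage_passwords = enabled

[role_tq_service]
importRoles = tq_base
admin_all_objects = enabled

[role_tq_readonly]
importRoles = tq_base
"""

def load_roles(conf_text):
    """Parse authorize.conf text into {role_name: {setting: value}}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case so importRoles is not lowercased
    parser.read_string(conf_text)
    return {s[len("role_"):]: dict(parser[s])
            for s in parser.sections() if s.startswith("role_")}

def effective_capabilities(roles, role, seen=None):
    """Capabilities a role holds directly or through importRoles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # unknown role or import cycle
        return set()
    seen.add(role)
    settings = roles[role]
    caps = {k for k, v in settings.items() if v.strip().lower() == "enabled"}
    # importRoles is a semicolon-separated list of parent roles.
    for parent in settings.get("importRoles", "").split(";"):
        if parent.strip():
            caps |= effective_capabilities(roles, parent.strip(), seen)
    return caps

def missing_capabilities(conf_text, role):
    """Required capabilities (per this page) that the role does not hold."""
    caps = effective_capabilities(load_roles(conf_text), role)
    return [c for c in REQUIRED if c not in caps]

if __name__ == "__main__":
    for name in ("tq_service", "tq_readonly"):
        print(name, "missing:", missing_capabilities(SAMPLE_CONF, name))
```

Because `admin_all_objects` is a broad capability, running the same check across every role shows which accounts besides the service account already hold it.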
Configuring Account
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | No | No | No | No | No |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | No | No | No | No | No |
| can_delete | No | No | No | No | No |
| ess_user | No | No | No | No | No |
| ess_analyst | No | No | No | No | No |
| ess_admin | Yes | Yes | Yes | Yes | Yes |
Configuring Input
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | No | No | No | No | No |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | No | No | Yes | No | No |
| can_delete | No | No | No | No | No |
| ess_user | No | No | Yes | No | No |
| ess_analyst | No | No | Yes | No | No |
| ess_admin | Yes | Yes | Yes | Yes | Yes |
Data Collection Management
| Splunk Role | Enable | Disable |
|---|---|---|
| Admin | Yes | Yes |
| Power | Yes | Yes |
| Splunk_System_Role | Yes | Yes |
| User | Yes | Yes |
| can_delete | No | No |
| ess_user | Yes | Yes |
| ess_analyst | Yes | Yes |
| ess_admin | Yes | Yes |
Use Workflow Actions
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | No | No | No | No | No |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | No | No | No | No | No |
| can_delete | No | No | No | No | No |
| ess_user | No | No | No | No | No |
| ess_analyst | No | No | No | No | No |
| ess_admin | Yes | Yes | Yes | Yes | Yes |
Use Alert Actions
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | No | No | No | No | No |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | No | No | No | No | No |
| can_delete | No | No | No | No | No |
| ess_user | No | No | No | No | No |
| ess_analyst | No | No | No | No | No |
| ess_admin | Yes | Yes | Yes | Yes | Yes |
App Configuration
| Splunk Role | Edit | View |
|---|---|---|
| Admin | Yes | Yes |
| Power | No | Yes |
| Splunk_System_Role | Yes | Yes |
| User | No | Yes |
| can_delete | No | No |
| ess_user | No | Yes |
| ess_analyst | No | Yes |
| ess_admin | Yes | Yes |
Use Raw Matching Saved Searches
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | Yes | Yes | Yes | Yes | Yes |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | Yes | Yes | Yes | Yes | Yes |
| can_delete | Yes | Yes | Yes | Yes | Yes |
| ess_user | Yes | Yes | Yes | Yes | Yes |
| ess_analyst | Yes | Yes | Yes | Yes | Yes |
| ess_admin | Yes | Yes | Yes | Yes | Yes |
Use Data Model Saved Searches
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | Yes | Yes | Yes | Yes | Yes |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | Yes | Yes | Yes | Yes | Yes |
| can_delete | Yes | Yes | Yes | Yes | Yes |
| ess_user | Yes | Yes | Yes | Yes | Yes |
| ess_analyst | Yes | Yes | Yes | Yes | Yes |
| ess_admin | Yes | Yes | Yes | Yes | Yes |
Use Enterprise Security Searches
| Splunk Role | Create | Edit | View | Clone | Delete |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Power | Yes | Yes | Yes | Yes | Yes |
| Splunk_System_Role | Yes | Yes | Yes | Yes | Yes |
| User | Yes | Yes | Yes | Yes | Yes |
| can_delete | Yes | Yes | Yes | Yes | Yes |
| ess_user | Yes | Yes | Yes | Yes | Yes |
| ess_analyst | Yes | Yes | Yes | Yes | Yes |
| ess_admin | Yes | Yes | Yes | Yes | Yes |