Last week I made a video about how to setup new roles in Splunk 3.2 preview release. The video will demonstrate creating a new type of power user, with the same capability of a standard power user, and the addition of the ability to manage and create new users. You will also see how to create new roles by configuring authorize.conf.
(Update): While watching the video again and realized I sent a mixed message about where to edit configuration in splunk. I made it clear that you want to edit in the local bundle directory, and if you look at the terminal that is where I was editing my configuration, however, I later said “default over-rides local, so always edit in default”, this is WRONG. Always make your personalized configuration changes in the local directory, if the configuration file doesn’t exist there, create one or copy it from default and edit that one.
Take a look at the video and let me know if you have any questions about this stuff.
Posted by Ben Strawbridge