TIPS & TRICKS

Flexible roles and chamber of secrets

Hi Kids,

So we have added flexible roles to the preview release. Well, what does that mean?
We now allow folks to create their own roles. The previous ones (Admin, Power
and User) will be included as defaults.

There is currently no GUI available for editing roles but you can directly edit the
config file $SPLUNK_HOME/etc/bundles/default/authorize.conf.

To add these roles we did an audit of our system and broke down various actions
into capabilities. These capabilities can be grouped together to create any role.
Please bear with us here: this is just a first cut and we may not have chopped
things up in a way that makes sense to you. This is the beauty of preview: if you have a
suggestion about capabilities you’d like to see added or removed, comment or mail us.
The more feedback we get at this stage, the faster this feature will improve.

A role in the Splunk system contains the following things:
1. A list of capabilities that the role can perform.
2. A list of roles that are contained within this role (their capabilities will be imported into our role).
3. A list of search filters that should be applied when searching as this role.

The stanza below defines a role called kwyjibo that can edit user information and
make changes to the authentication system. It imports the capabilities of the roles User and Power.

[role_kwyjibo]
edit_user = enabled
change_authentication = enabled
bounce_authentication = enabled
importRoles = Power;User
srchFilter =
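
Because importRoles pulls in other roles' capabilities, what a role can do is not visible from its own stanza alone. The sketch below is an added example, not Splunk's code: it resolves a role's effective capabilities from authorize.conf-style text. The role_User and role_Power stanzas, their example_* capability names, and the idea that imported roles are defined as [role_<name>] stanzas are assumptions made for illustration.

```python
import configparser

# Constructed sample: the kwyjibo stanza is from the post; the User and Power
# stanzas and their example_* capability names are placeholders, not real defaults.
SAMPLE_CONF = """
[role_User]
example_search = enabled

[role_Power]
example_save_search = enabled
importRoles = User

[role_kwyjibo]
edit_user = enabled
change_authentication = enabled
bounce_authentication = enabled
importRoles = Power;User
srchFilter =
"""

NON_CAPABILITY_KEYS = {"importRoles", "srchFilter"}

def load_roles(text):
    """Parse [role_<name>] stanzas into {name: {key: value}}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case (importRoles, srchFilter)
    parser.read_string(text)
    return {s[len("role_"):]: dict(parser[s])
            for s in parser.sections() if s.startswith("role_")}

def effective_capabilities(roles, name, seen=None):
    """Capabilities of `name` plus everything reached through importRoles."""
    seen = set() if seen is None else seen
    if name in seen:  # already visited: diamond import or import cycle
        return set()
    seen.add(name)
    if name not in roles:
        raise KeyError(f"role {name!r} is imported but not defined")
    stanza = roles[name]
    caps = {k for k, v in stanza.items()  # assumption: only "enabled" grants
            if k not in NON_CAPABILITY_KEYS and v.strip().lower() == "enabled"}
    for imported in stanza.get("importRoles", "").split(";"):
        if imported.strip():
            caps |= effective_capabilities(roles, imported.strip(), seen)
    return caps

if __name__ == "__main__":
    for cap in sorted(effective_capabilities(load_roles(SAMPLE_CONF), "kwyjibo")):
        print(cap)
```

Running this over every role when reviewing a custom authorize.conf shows which roles end up with sensitive capabilities such as change_authentication through an import rather than a direct grant.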

If you have any questions or comments, please let me know.

by Rory Greene
