Skip to main content
Version: Next

Roles

The roles and their capabilities in Alert Manager Enterprise are displayed in the table below.

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Application
App installation
App update
AME setup
AME update tasks
AME configuration (license, logging, proxy)
Events
View events
Add and view comments to existing events
View the count, history and result fields
Filter events by time range
Filter events by tag
Search events by priority
Invoke Splunk Workflow Actions
Modify events
Assign a user to an event
Update the notification scheme
Update the status of an event
Update the urgency of an event
Edit multiple events at the same time
Update the status of an event
Tag an event with MITRE ATT&CK or CYBER kill-chain
Start the search that created the event
Delete events
Templates 
Apply template on alert action
Create template
Update template
Delete template
Rules
Set rules to suppress alerts concerning an event
Set conditions for an event to become automatically resolved
Delete status
Set time restrictions for rules to be applied
Tags
Create tags
Update tags
Delete tags
Update predefined MITRE ATT&CK© tags
Tenants
Create tenants
Configuration templates available
Delete uninitialized tenants
Test HEC Connectivity
Initialize tenants with the corresponding event collection and roles
Delete initialized tenants
Notifications
Assign a status to an event that will trigger the notifications specified in the events notification scheme
Configure notifications on status change
Statuses
Create statuses
Update statuses
Delete statuses
Set description for statuses
Resolutions
Create resolution
Update resolution
Delete resolution
Set description for resolutions
SLAs
Create SLA
Update SLA
Delete SLA