Access Control

Roles

ElasticSPL shipps with a set of custom roles. It is advised configure your existing roles to inherit capabilities from the default roles.

Role	Description	Inheritance	Capabililities
elastic_admin	Role to assign to the Splunk admin role. The role allows for full access and to knowledge objects.	elastic_user elastic_adhoc elastic_query_list elastic_query_edit elastic_query_run	edit_elastic_instance
elastic_user	Role to assign to users requiring access to the Dashboards and Commands provided by the app. The role itself does not grant any access to instances or queries. Every instance and query has its own access control list.	user	list_elastic_instance list_storage_passwords
elastic_adhoc	Role to assign to users if they should be able to query the assigned Elasticsearch instances with ad-hoc queries. This allows the user to run arbitrary queries and should therefore only be assigned to users that are allowed to access any data that the configured Elasticsearch user sees.	elastic_user	run_elastic_adhoc
elastic_query_list	Role allowing access to the "Setup\Queries" Dashboard. Only queries that are assigned to a role that the user is a member of are visible to the user.	elastic_user	list_elastic_query
elastic_query_edit	Role allowing CRUD on the "Setup\Queries" Dashboard. Only queries that are assigned to a role that the user is a member of are editable.	elastic_query_list	edit_elastic_query
elastic_query_run	Allows to run saved queries using the "elasticquery" and "elasticadhocstat" commmand.	elastic_query_list	run_elastic_query

Capabilities

Capability	Description
list_elastic_instance	Allows to list instances configured in ElasticSPL
edit_elastic_instance	Allows CRUD on instances configured in ElasticSPL
list_elastic_query	Allows to list saved queries in ElasticSPL
edit_elastic_query	Allows CRUD on saved queries in ElasticSPL
run_elastic_query	Allows the usage of the commands elasticadhoc and elasticadhocstats
run_elastic_adhoc	Allows the usage of the commands elasticquery and elasticquerystats