Version: 1.1.0

Access Control

ElasticSPL ships with a set of custom roles. It is advised to configure your existing roles to inherit from the default roles.

| Role | Description | Inheritance | Capabilities |
| --- | --- | --- | --- |
| elastic_admin | Role to assign to the Splunk admin role. The role allows for full access and to knowledge objects. | elastic_user, elastic_adhoc, elastic_query_list, elastic_query_edit, elastic_query_run | |
| elastic_user | Role to assign to users requiring access to the Dashboards and Commands provided by the app. The role itself does not grant any access to instances or queries. Every instance and query has its own access control list. | user | list_storage_passwords |
| elastic_adhoc | Role to assign to users if they should be able to query the assigned Elasticsearch instances with ad-hoc queries. This allows the user to run arbitrary queries and should therefore only be assigned to users that are allowed to access any data that the configured Elasticsearch user sees. | elastic_user | |
| elastic_query_list | Role allowing access to the Configuration Board. Only queries that are assigned to a role that the user is a member of are visible to the user. | elastic_user | |
| elastic_query_edit | Role allowing CRUD on the Configuration Board. Only queries that are assigned to a role that the user is a member of are editable. | elastic_query_list | |
| elastic_query_run | Allows running saved queries using the "elasticquery" and "elasticadhocstat" commands. | elastic_query_list | |
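
Because existing roles are meant to inherit from these defaults, a role can pick up elastic_adhoc (arbitrary queries) indirectly. The following audit script is an added example, not part of ElasticSPL: it resolves Splunk `importRoles` chains and lists every role that ends up holding a given role. The `elastic_*` stanzas are constructed from the inheritance column of the table above; `soc_analyst`, `threat_hunter` and `splunk_ops` are hypothetical site roles.

```python
import configparser

# Constructed authorize.conf. elastic_* stanzas mirror the table's inheritance
# column; soc_analyst, threat_hunter and splunk_ops are hypothetical roles.
SAMPLE_AUTHORIZE_CONF = """
[role_elastic_user]
importRoles = user
[role_elastic_adhoc]
importRoles = elastic_user
[role_elastic_query_list]
importRoles = elastic_user
[role_elastic_query_edit]
importRoles = elastic_query_list
[role_elastic_query_run]
importRoles = elastic_query_list
[role_elastic_admin]
importRoles = elastic_user;elastic_adhoc;elastic_query_list;elastic_query_edit;elastic_query_run
[role_soc_analyst]
importRoles = user;elastic_query_run
[role_threat_hunter]
importRoles = soc_analyst;elastic_adhoc
[role_splunk_ops]
importRoles = elastic_admin
"""

def load_imports(conf_text):
    """Map each role to the set of roles it imports directly."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep option names case-sensitive (importRoles)
    parser.read_string(conf_text)
    imports = {}
    for section in parser.sections():
        if section.startswith("role_"):
            raw = parser[section].get("importRoles", "")
            imports[section[5:]] = {r.strip() for r in raw.split(";") if r.strip()}
    return imports

def effective_roles(role, imports, seen=None):
    """Every role reachable from `role` via importRoles (safe on cycles)."""
    seen = set() if seen is None else seen
    for parent in imports.get(role, ()):
        if parent not in seen:
            seen.add(parent)
            effective_roles(parent, imports, seen)
    return seen

def roles_reaching(target, conf_text):
    """Roles that hold `target` through direct or inherited imports."""
    imports = load_imports(conf_text)
    return sorted(r for r in imports if target in effective_roles(r, imports))
```

Run `roles_reaching("elastic_adhoc", ...)` against the merged authorize.conf of a search head to review who can issue ad-hoc queries before assigning the role more widely.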