Module permissions
Permissions for SPL2 modules are set when you save the module.
Permissions for SPL2 modules are set when you save a module. Permissions are granted based on user roles.
- The
executepermission enables a role to run a search. - The
readpermission enables a role to run a search and to see a module definition. Thereadpermission supersedes theexecutepermission. - The
writepermission enables a role to perform create, update, and delete operations. Thewritepermission supersedes thereadpermission.
Default module permissions
When you create a module, regardless of your role, you are automatically given execute, read, and write permissions to modules that you create. Permissions for the module owner can't be revoked.
Changing module permissions
Only users with write permission on a module can grant access to that module.
You use the Modules page in the Search app to edit a module and change its permissions.
You can also use the SPL2 module permissions API endpoints to grant or revoke module permissions API. For details on the permissions endpoints, Endpoints for SPL2-based searches, modules, and applications in the REST API Reference Manual.
Application permissions
- Module-level permissions can be set through the Modules page in Splunk Web or by using the Splunk REST API endpoints.
- App-level access is set in Splunk Web.
If you are given access to an SPL2 app, you automatically have execute permission on all of the modules in the app, regardless of your role. This enables you to run the views that are exported from the _resources module in the app.
In an SPL2-based application, the admin and power roles have execute, read, and write permissions on all of the modules within that app.