Module permissions

Permissions for SPL2-based apps are set by role and module.

Permissions for SPL2-based apps are set by module and app:
  • Module-level permissions are set by using the Splunk REST API endpoints.
  • App-level access is set in Splunk Web.

There are 3 types of module permissions that can be assigned to a role:
  • The execute permission enables the role to run a search.
  • The read permission enables the role to run a search and to see a module definition. The read permission supersedes the execute permission.
  • The write permission enables the role to perform create, update, and delete operations.

Default module permissions

When you create a module, you are automatically given execute, read, and write permissions on that module, regardless of your role. Permissions for the module owner can't be revoked.

In an SPL2-based application, the admin and power roles have execute, read, and write permissions on all of the modules within that app.

If you are given access to an SPL2 app, you automatically have execute permission on all of the modules in the app, regardless of your role. This enables you to run the views that are exported from the _resources module in the app.

Only users with write permission on a module can grant access to that module. Module permissions are granted or revoked by using the SPL2 module permissions API endpoints. For details on the permissions endpoints, see the REST API Reference Manual.
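
The rules above combine into one effective permission set per user, which is what a least-privilege review of a module needs to compute. The following is an added example, not Splunk code and not a call to the REST API: it models only the rules stated on this page for a single app. The names User, Module, grants, effective_permissions, grant, revoke, and over_privileged are hypothetical.

```python
from dataclasses import dataclass, field

ALL = frozenset({"execute", "read", "write"})
PRIVILEGED_ROLES = frozenset({"admin", "power"})  # hold all three per the page

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    has_app_access: bool = False  # access to the SPL2 app that holds the module

@dataclass
class Module:
    name: str
    owner: str
    grants: dict = field(default_factory=dict)  # role -> set of permissions

def effective_permissions(user, module):
    """Union of every rule from the page that applies to this user."""
    if user.name == module.owner or user.roles & PRIVILEGED_ROLES:
        return set(ALL)  # owner rights are tied to the user, not to role grants
    perms = {"execute"} if user.has_app_access else set()
    for role in user.roles:
        perms |= module.grants.get(role, set())
    if "read" in perms:
        perms.add("execute")  # read supersedes execute
    # The page does not say that write implies read or execute: not inferred.
    return perms

def _require_write(actor, module):
    if "write" not in effective_permissions(actor, module):
        raise PermissionError(f"{actor.name} lacks write on {module.name}")

def grant(actor, module, role, permission):
    if permission not in ALL:
        raise ValueError(f"unknown permission: {permission}")
    _require_write(actor, module)
    module.grants.setdefault(role, set()).add(permission)

def revoke(actor, module, role, permission):
    _require_write(actor, module)  # assumption: revoking needs write, like granting
    module.grants.get(role, set()).discard(permission)

def over_privileged(users, module, needed):
    """Audit helper: permissions each user holds beyond what they need."""
    extra = {u.name: effective_permissions(u, module) - needed.get(u.name, set())
             for u in users}
    return {name: perms for name, perms in extra.items() if perms}
```

Because owner rights attach to the user rather than to a role grant, revoking every grant from the owner's role leaves the owner's permissions unchanged, which matches the rule that owner permissions can't be revoked.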