Capabilities control the level of access that roles have to various features in Splunk Enterprise Security. Use the Roles and capabilities page in Splunk Enterprise Security to review and change the capabilities assigned to a role.

1. On the Splunk Enterprise Security menu bar, select Configure.
2. Select All configurations and then select Roles and capabilities.
3. Select and deselect the check boxes to add and remove capabilities to a role. For example, select the ess_user check box for Edit saved views to allow users to edit saved views in the analyst queue.
4. Select Save.