Assign role-based access to a queue

  1. In Splunk Enterprise Security, select Configure and then Findings and investigations.
  2. Select Team queues.
  3. Locate the queue you want to assign access for, and then expand it using the expand icon.
  4. Select the Roles tab.
  5. Select + Roles.
    Note: If the role you want to add to a team-based queue is not in the list of available roles, you can create a new role in the Splunk platform. See Create and manage roles with Splunk Web in the Splunk Cloud Platform Admin Manual. After a role is deleted from the Splunk platform Roles page, it might still appear in the Splunk Enterprise Security team queue list until you re-save the roles list.
  6. Select and deselect the check boxes to add or remove roles with access to the queue.
    Note: To hide a queue completely, remove all the roles. You cannot delete a queue.
  7. (Optional) Make sure the Show advanced configuration options box is checked, and then use the resulting permission check boxes to grant more granular permissions for each role. For more details, see Permissions for team-based queues.
  8. Select Save.
Create conditions for a queue