Skip to main content
Version: Atlas v3.14

Atlas Capabilities & Permissions

To fully utilize all Atlas features, it is recommended for Atlas users to have specific Splunk capabilities and permissions assigned to their role in Splunk. The information in the tables below should be used as a guide for assigning Splunk user permissions to ensure that the Atlas platform functions as expected for all users.

If you need guidance for assigning capabilities to roles and users in Splunk or want to review what these capabilities do, that documentation can be found on Splunk's documentation site.

User Roles in Atlas

A role in Atlas defines what you capabilities and permissions you have within the Atlas platform. The three defined roles in Atlas are Administrator (Admin), Power User, and User. These roles generally align with the same Splunk roles but are used to control what visibility and abilities users have within the Atlas platform. Use the information provided in the tables below to set your Splunk permissions to ensure that the Atlas user experience is correct for each user role.

Splunk Capabilities & Permissions Required for Atlas Administrators

Required Splunk Capabilities for Atlas Administrators

Splunk Capability NameWhat you can do in Atlas
edit_log_alert_eventLog Atlas actions
Update STIG Checklists in Atlas
dispatch_rest_to_indexersEnable accuracy on Atlas dashboards in distributed Splunk environment
list_dist_peerEnables Search Head selection for distributed search peers
list_search_head_clusteringApp Awareness Version Tracking Functionality
list_deployment_serverForwarder Awareness Base Functionality
schedule_searchScheduling Assistant Base Functionality
admin_all_objectsUpdate App Metric Index Configurations
Reassign Orphan Searches on Scheduling Inspector

Required Splunk Index Permissions for Atlas Administrators

Index TypeIndex NamePermissionRequired for Atlas Element
Splunk Default Index_internalReadApp Awareness
Data Management
Forwarder Awareness
Scheduling Assistant
Search Library
Migration Helper
Splunk Default Index_auditReadSearch Library
Data Utilization
Splunk Default Index_introspectionReadScheduling Assistant
Data Utilization Metric Indexes[User Created]ReadData Utilization
STIG Compliance Metric Index[User Created]ReadSTIG Compliance

Splunk Capabilities & Permissions Required for Atlas Power Users

Required Permissions for Atlas Power Users

Splunk CapabilityAtlas Feature
edit_log_alert_eventLog Atlas actions
Update STIG Checklists in Atlas
dispatch_rest_to_indexersEnable accuracy on Atlas dashboards in distributed Splunk environment
list_dist_peerEnables Search Head selection for distributed search peers
list_search_head_clusteringApp Awareness Version Tracking Functionality
list_deployment_serverForwarder Awareness Base Functionality
schedule_searchScheduling Assistant Base Functionality

Required Index Permissions for Atlas Power Users

Index TypeIndex NamePermissionRequired for Atlas Element
Splunk Default Index_internalReadApp Awareness
Data Management
Forwarder Awareness
Scheduling Assistant
Search Library
Migration Helper
Splunk Default Index_auditReadSearch Library
Data Utilization
Splunk Default Index_introspectionReadScheduling Assistant
Data Utilization Metric Indexes[User Created]ReadData Utilization
STIG Compliance Metric Index[User Created]ReadSTIG Compliance

Splunk Capabilities & Permissions Required for Atlas Users

Required Permissions for Atlas Users

This is a recommended list of capabilities and permissions that would empower users to use the Atlas Platform.

Splunk CapabilityAtlas Feature
edit_log_alert_eventLog Atlas actions
Update STIG Checklists in Atlas
dispatch_rest_to_indexersEnable accuracy on Atlas dashboards in distributed Splunk environment
list_dist_peerEnables Search Head selection for distributed search peers
list_deployment_serverForwarder Awareness Base Functionality
schedule_searchScheduling Assistant Base Functionality

Required Index Permissions for Atlas Users

Index TypeIndex NamePermissionRequired for Atlas Element
Splunk Default Index_internalReadApp Awareness
Data Management
Forwarder Awareness
Scheduling Assistant
Search Library
Migration Helper
Splunk Default Index_auditReadSearch Library
Data Utilization
Splunk Default Index_introspectionReadScheduling Assistant
STIG Compliance Metric Index[User Created]ReadSTIG Compliance

Atlas Element Feature Accessibility Matrix

After an Atlas Admin, Power User, or User has the recommended capabilities and permissions set to meet the permissions listed above, they will be able to utilized the Atlas features listed in the matrix below.

General Atlas

Feature                                                      AdminPower UserUser
Atlas actions logged for audit reporting in Atlas Audit page✔️✔️✔️

Atlas Core

Feature                                                                        AdminPower UserUser
Atlas Element tiles are usable and can open other Elements that user has access to✔️✔️✔️
Atlas Core page layout can be modified in edit mode✔️
Atlas Core Logo image can be changed✔️
Atlas License can be viewed✔️
Atlas License can be modified✔️
Atlas Audit page is visible✔️✔️✔️

App Awareness

Feature                        AdminPower UserUser
App Utilization page is viewable
NOTE: Application counts are impacted by a user's permission to see other Apps
✔️✔️✔️
App Tracking page is usable
NOTE: Applications visible are impacted by a user's permission to see other Apps
✔️✔️✔️

Data Management

Feature                        AdminPower UserUser
Data Inventory page is viewable✔️✔️
Create Data Definitions✔️✔️
Data Requests page is viewable✔️✔️✔️
Create new Data Requests✔️✔️✔️
Data Management page is viewable✔️✔️
Manage data requests✔️
View the Data Ownership report✔️✔️

Data Utilization

Feature                        AdminPower UserUser
Data Utilization page is viewable✔️✔️
Configuration page is viewable✔️✔️
Select Splunk metric index for Element usage
NOTE: Desired metric index must be created in Splunk
✔️
Execute a backfill operation for utilization data✔️

Forwarder Awareness

Feature                        AdminPower UserUser
Forwarder Group Overview page is viewable✔️✔️✔️
Create, edit, and delete a Forwarder Group✔️
View the Forwarder Awareness report page✔️✔️✔️

Monitor

Feature                        AdminPower UserUser
Monitor Group Overview page is visible✔️✔️✔️
Create, Edit, Delete Monitor Groups from Monitor Group Overview page✔️
Create, Edit, Delete Data Watches from Monitor Group Overview page✔️
Monitor Report page is visible✔️✔️✔️
Create, Edit, Delete Data Watches on Monitor Report page✔️
Base Search dashboard loads and shows configured base searches✔️✔️✔️
Base Searches can be configured on Base Search page✔️
Configuration page is visible✔️✔️✔️

Scheduling Assistant

Feature                        AdminPower UserUser
Scheduling Assistant page is visible
NOTE: Searches shown reflect sharing permissions
✔️✔️✔️
Reschedule a search
NOTE: Searches shown reflect sharing permissions
✔️✔️✔️
Scheduling Activity page is visible✔️
Execute a Concurrency Investigation on Scheduling Activity page✔️
Scheduling Information is visible✔️
Cron Helper page is visible✔️✔️✔️

Scheduling Inspector

Feature                        AdminPower UserUser
Scheduling Inspector page is visible
NOTE: Searches shown reflect sharing permissions
✔️✔️✔️
Scheduled searches can be fixed using Scheduling Inspector automation✔️✔️
Orphan Scheduled Searches dashboard loads and has accurate findings✔️✔️
Orphan Sch. Searches can be res-assigned using automation✔️

Search Library

Feature                        AdminPower UserUser
Search Library page is visible✔️✔️✔️
Add custom searches to Search Library✔️
Add custom searches to pending search list✔️✔️
Pending search page is visible✔️✔️✔️
Custom Searches can be promoted from Pending to Approved✔️
Modify the workflow to allow the pending search step to be skipped for all users using Search Library✔️
Search Activity is visible✔️✔️✔️
Searches on Search Activity dashboard can be added to the Search Library✔️✔️✔️

Splunk Migration Helper

Feature                        AdminPower UserUser
Set Environment Macros✔️
Create Migration Plan✔️
Track Migration Progress✔️

STIG Compliance

Feature                        AdminPower UserUser
System Overview page is visible✔️✔️✔️
Create, Edit, and Delete systems on the System Overview page✔️
Compliance Overview page is visible✔️✔️✔️
STIG Viewer page is visible✔️✔️✔️
Edit Checklist page is visible✔️✔️✔️
Edit vulnerabilities on the Edit Checklist page✔️✔️✔️
STIG Library page is visible✔️✔️✔️
Checklists can be saved to a new or existing target✔️✔️✔️
Checklist Audit dashboard is visible✔️✔️✔️
Export Checklists✔️✔️✔️
Search and Export Data page is visible✔️✔️✔️