Atlas Capabilities & Permissions
To fully utilize all Atlas features, it is recommended for Atlas users to have specific Splunk capabilities and permissions assigned to their role in Splunk. The information in the tables below should be used as a guide for assigning Splunk user permissions to ensure that the Atlas platform functions as expected for all users.
If you need guidance for assigning capabilities to roles and users in Splunk or want to review what these capabilities do, that documentation can be found on Splunk's documentation site.
User Roles in Atlas
A role in Atlas defines what you capabilities and permissions you have within the Atlas platform. The three defined roles in Atlas are Administrator (Admin), Power User, and User. These roles generally align with the same Splunk roles but are used to control what visibility and abilities users have within the Atlas platform. Use the information provided in the tables below to set your Splunk permissions to ensure that the Atlas user experience is correct for each user role.
Splunk Capabilities & Permissions Required for Atlas Administrators
Required Splunk Capabilities for Atlas Administrators
| Splunk Capability Name | What you can do in Atlas |
|---|---|
| edit_log_alert_event | Log Atlas actions Update STIG Checklists in Atlas |
| dispatch_rest_to_indexers | Enable accuracy on Atlas dashboards in distributed Splunk environment |
| list_dist_peer | Enables Search Head selection for distributed search peers |
| list_search_head_clustering | App Awareness Version Tracking Functionality |
| list_deployment_server | Forwarder Awareness Base Functionality |
| schedule_search | Scheduling Assistant Base Functionality |
| admin_all_objects | Update App Metric Index Configurations Reassign Orphan Searches on Scheduling Inspector |
Required Splunk Index Permissions for Atlas Administrators
| Index Type | Index Name | Permission | Required for Atlas Element |
|---|---|---|---|
| Splunk Default Index | _internal | Read | App Awareness Data Management Forwarder Awareness Scheduling Assistant Search Library Migration Helper |
| Splunk Default Index | _audit | Read | Search Library Data Utilization |
| Splunk Default Index | _introspection | Read | Scheduling Assistant |
| Data Utilization Metric Indexes | [User Created] | Read | Data Utilization |
| STIG Compliance Metric Index | [User Created] | Read | STIG Compliance |
Splunk Capabilities & Permissions Required for Atlas Power Users
Required Permissions for Atlas Power Users
| Splunk Capability | Atlas Feature |
|---|---|
| edit_log_alert_event | Log Atlas actions Update STIG Checklists in Atlas |
| dispatch_rest_to_indexers | Enable accuracy on Atlas dashboards in distributed Splunk environment |
| list_dist_peer | Enables Search Head selection for distributed search peers |
| list_search_head_clustering | App Awareness Version Tracking Functionality |
| list_deployment_server | Forwarder Awareness Base Functionality |
| schedule_search | Scheduling Assistant Base Functionality |
Required Index Permissions for Atlas Power Users
| Index Type | Index Name | Permission | Required for Atlas Element |
|---|---|---|---|
| Splunk Default Index | _internal | Read | App Awareness Data Management Forwarder Awareness Scheduling Assistant Search Library Migration Helper |
| Splunk Default Index | _audit | Read | Search Library Data Utilization |
| Splunk Default Index | _introspection | Read | Scheduling Assistant |
| Data Utilization Metric Indexes | [User Created] | Read | Data Utilization |
| STIG Compliance Metric Index | [User Created] | Read | STIG Compliance |
Splunk Capabilities & Permissions Required for Atlas Users
Required Permissions for Atlas Users
This is a recommended list of capabilities and permissions that would empower users to use the Atlas Platform.
| Splunk Capability | Atlas Feature |
|---|---|
| edit_log_alert_event | Log Atlas actions Update STIG Checklists in Atlas |
| dispatch_rest_to_indexers | Enable accuracy on Atlas dashboards in distributed Splunk environment |
| list_dist_peer | Enables Search Head selection for distributed search peers |
| list_deployment_server | Forwarder Awareness Base Functionality |
| schedule_search | Scheduling Assistant Base Functionality |
Required Index Permissions for Atlas Users
| Index Type | Index Name | Permission | Required for Atlas Element |
|---|---|---|---|
| Splunk Default Index | _internal | Read | App Awareness Data Management Forwarder Awareness Scheduling Assistant Search Library Migration Helper |
| Splunk Default Index | _audit | Read | Search Library Data Utilization |
| Splunk Default Index | _introspection | Read | Scheduling Assistant |
| STIG Compliance Metric Index | [User Created] | Read | STIG Compliance |
Atlas Element Feature Accessibility Matrix
After an Atlas Admin, Power User, or User has the recommended capabilities and permissions set to meet the permissions listed above, they will be able to utilized the Atlas features listed in the matrix below.
General Atlas
| Feature | Admin | Power User | User |
|---|---|---|---|
| Atlas actions logged for audit reporting in Atlas Audit page | ✔️ | ✔️ | ✔️ |
Atlas Core
| Feature | Admin | Power User | User |
|---|---|---|---|
| Atlas Element tiles are usable and can open other Elements that user has access to | ✔️ | ✔️ | ✔️ |
| Atlas Core page layout can be modified in edit mode | ✔️ | ||
| Atlas Core Logo image can be changed | ✔️ | ||
| Atlas License can be viewed | ✔️ | ||
| Atlas License can be modified | ✔️ | ||
| Atlas Audit page is visible | ✔️ | ✔️ | ✔️ |
App Awareness
| Feature | Admin | Power User | User |
|---|---|---|---|
| App Utilization page is viewable NOTE: Application counts are impacted by a user's permission to see other Apps | ✔️ | ✔️ | ✔️ |
| App Tracking page is usable NOTE: Applications visible are impacted by a user's permission to see other Apps | ✔️ | ✔️ | ✔️ |
Data Management
| Feature | Admin | Power User | User |
|---|---|---|---|
| Data Inventory page is viewable | ✔️ | ✔️ | |
| Create Data Definitions | ✔️ | ✔️ | |
| Data Requests page is viewable | ✔️ | ✔️ | ✔️ |
| Create new Data Requests | ✔️ | ✔️ | ✔️ |
| Data Management page is viewable | ✔️ | ✔️ | |
| Manage data requests | ✔️ | ||
| View the Data Ownership report | ✔️ | ✔️ |
Data Utilization
| Feature | Admin | Power User | User |
|---|---|---|---|
| Data Utilization page is viewable | ✔️ | ✔️ | |
| Configuration page is viewable | ✔️ | ✔️ | |
| Select Splunk metric index for Element usage NOTE: Desired metric index must be created in Splunk | ✔️ | ||
| Execute a backfill operation for utilization data | ✔️ |
Forwarder Awareness
| Feature | Admin | Power User | User |
|---|---|---|---|
| Forwarder Group Overview page is viewable | ✔️ | ✔️ | ✔️ |
| Create, edit, and delete a Forwarder Group | ✔️ | ||
| View the Forwarder Awareness report page | ✔️ | ✔️ | ✔️ |
Monitor
| Feature | Admin | Power User | User |
|---|---|---|---|
| Monitor Group Overview page is visible | ✔️ | ✔️ | ✔️ |
| Create, Edit, Delete Monitor Groups from Monitor Group Overview page | ✔️ | ||
| Create, Edit, Delete Data Watches from Monitor Group Overview page | ✔️ | ||
| Monitor Report page is visible | ✔️ | ✔️ | ✔️ |
| Create, Edit, Delete Data Watches on Monitor Report page | ✔️ | ||
| Base Search dashboard loads and shows configured base searches | ✔️ | ✔️ | ✔️ |
| Base Searches can be configured on Base Search page | ✔️ | ||
| Configuration page is visible | ✔️ | ✔️ | ✔️ |
Scheduling Assistant
| Feature | Admin | Power User | User |
|---|---|---|---|
| Scheduling Assistant page is visible NOTE: Searches shown reflect sharing permissions | ✔️ | ✔️ | ✔️ |
| Reschedule a search NOTE: Searches shown reflect sharing permissions | ✔️ | ✔️ | ✔️ |
| Scheduling Activity page is visible | ✔️ | ||
| Execute a Concurrency Investigation on Scheduling Activity page | ✔️ | ||
| Scheduling Information is visible | ✔️ | ||
| Cron Helper page is visible | ✔️ | ✔️ | ✔️ |
Scheduling Inspector
| Feature | Admin | Power User | User |
|---|---|---|---|
| Scheduling Inspector page is visible NOTE: Searches shown reflect sharing permissions | ✔️ | ✔️ | ✔️ |
| Scheduled searches can be fixed using Scheduling Inspector automation | ✔️ | ✔️ | |
| Orphan Scheduled Searches dashboard loads and has accurate findings | ✔️ | ✔️ | |
| Orphan Sch. Searches can be res-assigned using automation | ✔️ |
Search Library
| Feature | Admin | Power User | User |
|---|---|---|---|
| Search Library page is visible | ✔️ | ✔️ | ✔️ |
| Add custom searches to Search Library | ✔️ | ||
| Add custom searches to pending search list | ✔️ | ✔️ | |
| Pending search page is visible | ✔️ | ✔️ | ✔️ |
| Custom Searches can be promoted from Pending to Approved | ✔️ | ||
| Modify the workflow to allow the pending search step to be skipped for all users using Search Library | ✔️ | ||
| Search Activity is visible | ✔️ | ✔️ | ✔️ |
| Searches on Search Activity dashboard can be added to the Search Library | ✔️ | ✔️ | ✔️ |
Splunk Migration Helper
| Feature | Admin | Power User | User |
|---|---|---|---|
| Set Environment Macros | ✔️ | ||
| Create Migration Plan | ✔️ | ||
| Track Migration Progress | ✔️ |
STIG Compliance
| Feature | Admin | Power User | User |
|---|---|---|---|
| System Overview page is visible | ✔️ | ✔️ | ✔️ |
| Create, Edit, and Delete systems on the System Overview page | ✔️ | ||
| Compliance Overview page is visible | ✔️ | ✔️ | ✔️ |
| STIG Viewer page is visible | ✔️ | ✔️ | ✔️ |
| Edit Checklist page is visible | ✔️ | ✔️ | ✔️ |
| Edit vulnerabilities on the Edit Checklist page | ✔️ | ✔️ | ✔️ |
| STIG Library page is visible | ✔️ | ✔️ | ✔️ |
| Checklists can be saved to a new or existing target | ✔️ | ✔️ | ✔️ |
| Checklist Audit dashboard is visible | ✔️ | ✔️ | ✔️ |
| Export Checklists | ✔️ | ✔️ | ✔️ |
| Search and Export Data page is visible | ✔️ | ✔️ | ✔️ |