Atlas Capabilities & Permissions
Atlas uses 4 built-in Splunk roles that automatically assign the Splunk permissions needed to use Atlas features effectively. This page breaks down the capabilities and feature access associated with each Atlas role.
Role Overview
Atlas provides a role-based access control system with four distinct roles that determine what users can access and modify within the platform:
| Role | Description |
|---|---|
| No Access | No Atlas feature access. Does not count as a License Seat. |
| Atlas Viewer | Read-focused access to Atlas features. Can review dashboards, reports, and metrics, and has limited Search Hub action access based on ownership and Splunk permissions. Does not count as a License Seat. |
| Atlas Creator | All Viewer permissions plus the ability to create and modify content within supported Atlas features. Cannot perform Atlas administrative functions or manage users. |
| Atlas Admin | Full access to Atlas features, including administrative functions, configuration settings, and the ability to assign roles to other users. |
In a Seat-based license, only Atlas Creators and Atlas Admins consume seats when given access to Atlas. Atlas Viewers do not consume seats.
Role Capability Matrix
The following table outlines the key Splunk capabilities assigned to each Atlas role, which enable core functionality across the platform:
| Capability | No Access | Atlas Viewer | Atlas Creator | Atlas Admin | Used For |
|---|---|---|---|---|---|
| edit_log_alert_event | | ✓ | ✓ | ✓ | Atlas logs |
| list_deployment_server | | ✓ | ✓ | ✓ | Forwarder Awareness |
| _internal index access | | ✓ | ✓ | ✓ | Most Atlas Features |
| _audit index access | | ✓ | ✓ | ✓ | Data Hub, Search Library, Data Utilization, PCA |
| schedule_search | | | ✓ | ✓ | Search Hub, Scheduling Assistant |
| dispatch_rest_to_indexers | | | ✓ | ✓ | Search Hub, App Awareness, Scheduling Assistant |
| list_search_head_clustering | | | ✓ | ✓ | App Awareness |
| list_dist_peer | | | ✓ | ✓ | Data Hub, Data Management inventory, server selection |
| _introspection index access | | | ✓ | ✓ | Search Hub, Migration Helper, Scheduling Assistant |
| edit_user | | | | ✓ | User role assignment |
| admin_all_objects | | | | ✓ | Access to all Knowledge Objects (Search Hub) |
Atlas feature access still depends on underlying Splunk permissions. Atlas roles determine which Atlas controls are available, while Splunk read and write access determine which searches, knowledge objects, or data a user can actually inspect or modify.
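An added example, not Atlas or Splunk code: a drift check that compares the effective grants in an `authorize.conf` against the matrix above, following `importRoles` inheritance so that inherited capabilities are counted. The stanza names (`role_atlas_viewer` and so on), the `role_helpdesk` sample role, and the mapping of the index-access rows to `srchIndexesAllowed` are assumptions.

```python
import configparser
from fnmatch import fnmatch

# Matrix rows from the table above ("idx:" marks index access); each tier extends the last.
VIEWER = {"edit_log_alert_event", "list_deployment_server", "idx:_internal", "idx:_audit"}
CREATOR = VIEWER | {"schedule_search", "dispatch_rest_to_indexers",
                    "list_search_head_clustering", "list_dist_peer", "idx:_introspection"}
ADMIN = CREATOR | {"edit_user", "admin_all_objects"}
# Hypothetical stanza names: substitute the role names used in your deployment.
EXPECTED = {"role_atlas_viewer": VIEWER, "role_atlas_creator": CREATOR, "role_atlas_admin": ADMIN}

def effective(conf, stanza, seen):
    """Grants a role holds, inherited ones included. Bare "*" (non-internal only) is skipped."""
    if stanza in seen or not conf.has_section(stanza):
        return set()
    seen.add(stanza)
    grants = set()
    for key, val in conf.items(stanza):
        if key == "importroles":  # configparser lowercases option names
            for parent in filter(None, map(str.strip, val.split(";"))):
                grants |= effective(conf, "role_" + parent, seen)
        elif key == "srchindexesallowed":
            grants |= {"idx:" + p.strip() for p in val.split(";") if p.strip() not in ("", "*")}
        elif val.strip().lower() == "enabled":
            grants.add(key)
    return grants

def audit(conf_text):
    """Sorted (stanza, 'excess'|'missing', item) findings, limited to matrix items."""
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read_string(conf_text)
    findings = []
    for stanza in filter(conf.has_section, EXPECTED):
        grants = effective(conf, stanza, set())
        have = {item for item in ADMIN if any(fnmatch(item, g) for g in grants)}
        findings += [(stanza, "excess", i) for i in have - EXPECTED[stanza]]
        findings += [(stanza, "missing", i) for i in EXPECTED[stanza] - have]
    return sorted(findings)

# Constructed sample: the viewer role imports a helper role that holds edit_user.
SAMPLE = """[role_helpdesk]
edit_user = enabled
[role_atlas_viewer]
importRoles = helpdesk
edit_log_alert_event = enabled
srchIndexesAllowed = _*
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Capabilities outside the matrix are ignored, since the table lists only the key capabilities for each role.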
Permissions By Feature
Atlas Core
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| View Settings | | ✓ | ✓ | ✓ |
| View License Configuration | | ✓ | ✓ | ✓ |
| Manage License | | | | ✓ |
| View User Configuration | | Self only | Self only | ✓ |
| Edit User Configuration | | | | ✓ |
| View Target Configuration | | ✓ | ✓ | ✓ |
| Edit Target Configuration | | | | ✓ |
| View Activity Monitor | | ✓ | ✓ | ✓ |
Data Hub
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View Data Inventory | | ✓ | ✓ | ✓ |
| Edit Data Definitions | | | ✓ | ✓ |
| View Data Utilization | | ✓ | ✓ | ✓ |
Search Hub
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View Owned Searches | | ✓ | ✓ | ✓ |
| View Searches with Splunk Read Access | | | ✓ | ✓ |
| Edit Owned Searches | | ✓ | ✓ | ✓ |
| Edit Searches with Splunk Write Access | | | ✓ | ✓ |
| Use Fix It on Owned Searches | | ✓ | ✓ | ✓ |
| Bulk Search Actions | | | ✓ | ✓ |
| Ignore/Unignore Searches | | | ✓ | ✓ |
| Auto-Balance Searches | | | | ✓ |
| Reschedule Searches | | | ✓ | ✓ |
| Configure Search Hub | | | | ✓ |
| Create Search Governance Rules | | | ✓ | ✓ |
| Enable/Disable/Edit Search Governance Rules | | | ✓ | ✓ |
| View Search Governance Rules | | ✓ | ✓ | ✓ |
Search Hub access depends on both Atlas role and Splunk permissions:
- Atlas Viewers can see searches they own and can use Fix It on those owned searches.
- Atlas Viewers cannot use bulk actions or ignore searches.
- Atlas Creators can see all searches they have edit access to, can view searches they have read access to, and can edit only the searches they have write access to.
Atlas Admins are responsible for completing initial Search Hub setup and resolving unconfigured or misconfigured Search Hub states. Atlas Creators and Atlas Admins can manage Search Governance rules after Search Hub is available. Atlas Admins also have access to the powerful Rebalance Searches bulk capability.
Additional Atlas Elements
App Awareness
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View utilization for accessible apps | | ✓ | ✓ | ✓ |
| View utilization for all apps | | | | ✓ |
| Modify App Configuration | | | | ✓ |
Data Management
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View Data Inventory | | ✓ | ✓ | ✓ |
| Edit Data Definition (own) | | | ✓ | ✓ |
| Edit Data Definition (all) | | | | ✓ |
| Create Data Requests | | ✓ | ✓ | ✓ |
| View Data Requests | | ✓ | ✓ | ✓ |
| View Ownership Report | | ✓ | ✓ | ✓ |
Forwarder Awareness
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View Forwarder Groups | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Forwarder Groups | | | ✓ | ✓ |
| Use Forwarder Report Dashboard | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Forwarder Alerts | | | ✓ | ✓ |
Monitor
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View Monitor Groups | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Monitor Groups | | | ✓ | ✓ |
| View Data Watches | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Data Watches | | | ✓ | ✓ |
Scheduling Assistant
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | | ✓ | ✓ |
| View Owned Search Schedules | | | ✓ | ✓ |
| View All Search Schedules | | | | ✓ |
| Change Search Schedule (owned) | | | ✓ | ✓ |
| Change Search Schedule (all) | | | | ✓ |
| Disable Search (owned) | | | ✓ | ✓ |
| Disable Search (all) | | | | ✓ |
| View Scheduler Information | | | ✓ | ✓ |
| Run/Apply Autobalancer | | | | ✓ |
Search Library
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| Add Search to Library | | ✓ | ✓ | ✓ |
| Edit Search (owned) | | ✓ | ✓ | ✓ |
| Edit Search (all) | | | ✓ | ✓ |
| Delete Search (owned) | | | ✓ | ✓ |
| Delete Search (all) | | | ✓ | ✓ |
| Submit Search for Approval | | ✓ | ✓ | ✓ |
| Approve Search | | | ✓ | ✓ |
| View Search Activity | | ✓ | ✓ | ✓ |
Migration Helper
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | | ✓ | ✓ |
| View Migration Plan | | | ✓ | ✓ |
| Add Items to Migration Plan | | | ✓ | ✓ |
| Set Macros | | | | ✓ |
| Identify Local Knowledge Objects | | | | ✓ |
STIG Compliance
| Action | No Access | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|---|---|---|---|
| Access App | | ✓ | ✓ | ✓ |
| View Systems | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Systems | | | | ✓ |
| Edit Target Information | | | ✓ | ✓ |
| Update Vulnerability | | | ✓ | ✓ |
| Create Target/STIG Library | | | ✓ | ✓ |
License Considerations
- Enterprise License: All Splunk users automatically have access to Atlas with the Atlas Viewer role. Users can be assigned higher roles without seat-based license limits applying.
- Seat-based License: Users explicitly assigned Atlas Creator or Atlas Admin, and given access, count against the total seat limit. Atlas Viewers do not count against the seat limit. Users without an assigned Atlas role default to No Access. Users with Creator or Admin roles who are not given access are interpreted as Atlas Viewers.