Atlas Capabilities & Permissions
Atlas leverages 4 built-in Splunk Roles that automatically assign Splunk permissions in order to use features effectively. This page will break down what capability and permissions each role is prescribed for the benefit of Splunk admins.
Role Overview
Atlas provides a role-based access control system with four distinct roles that determine what users can access and modify within the platform:
| Role | Description |
|---|
| Basic User | Limited access to Atlas home page. Does not count as a License Seat. |
| Atlas Viewer | Basic read-only access to most Atlas Elements. Can view dashboards, reports, and metrics but cannot create or modify content. |
| Atlas Creator | All Viewer permissions plus the ability to create and modify content within most Atlas Elements. Cannot perform administrative functions. |
| Atlas Admin | Full access to all Atlas Elements, including administrative functions, configuration settings, and the ability to assign roles to other users. Splunk Admins can only be assigned Atlas Admins. |
Atlas Viewers, Creators, and Atlas Admins all count as one seat use in a Seat Based license.
Role Capability Matrix
The following table outlines the key Splunk capabilities assigned to each Atlas role, which enable core functionality across the platform:
| Capability | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin | Used For |
|---|
edit_log_alert_event | ✓ | ✓ | ✓ | ✓ | Atlas logs |
list_deployment_server | | ✓ | ✓ | ✓ | Forwarder Awareness |
_internal index access | ✓ | ✓ | ✓ | ✓ | Most Atlas Elements |
_audit index access | ✓ | ✓ | ✓ | ✓ | Search Library, Data Utilization, PCA |
schedule_search | | | ✓ | ✓ | Scheduling Assistant |
dispatch_rest_to_indexers | | | ✓ | ✓ | App Awareness, Scheduling Assistant |
list_search_head_clustering | | | ✓ | ✓ | App Awareness |
list_dist_peer | | | ✓ | ✓ | Data Management inventory, server selection |
_introspection index access | | | ✓ | ✓ | Migration Helper, Scheduling Assistant |
edit_user | | | | ✓ | User role assignment |
admin_all_objects | | | | ✓ | Access to all Knowledge Objects |
Permissions By Atlas Element
Atlas Core
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| View Settings | | ✓ | ✓ | ✓ |
| View License Configuration | | ✓ | ✓ | ✓ |
| Manage License | | | | ✓ |
| View User Configuration | | Self only | Self only | ✓ |
| Edit User Configuration | | | | ✓ |
| View Target Configuration | | ✓ | ✓ | ✓ |
| Edit Target Configuration | | | | ✓ |
| View Activity Monitor | | ✓ | ✓ | ✓ |
App Awareness
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | ✓ | ✓ | ✓ |
| View utilization for accessible apps | | ✓ | ✓ | ✓ |
| View utilization for all apps | | | | ✓ |
| Modify App Configuration | | | | ✓ |
Data Management
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | ✓ | ✓ | ✓ |
| View Data Inventory | | ✓ | ✓ | ✓ |
| Edit Data Definition (own) | | | ✓ | ✓ |
| Edit Data Definition (all) | | | | ✓ |
| Create Data Requests | | ✓ | ✓ | ✓ |
| View Data Requests | | ✓ | ✓ | ✓ |
| View Ownership Report | | ✓ | ✓ | ✓ |
Forwarder Awareness
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | ✓ | ✓ | ✓ |
| View Forwarder Groups | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Forwarder Groups | | | ✓ | ✓ |
| Use Forwarder Report Dashboard | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Forwarder Alerts | | | ✓ | ✓ |
Monitor
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | ✓ | ✓ | ✓ |
| View Monitor Groups | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Monitor Groups | | | ✓ | ✓ |
| View Data Watches | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Data Watches | | | ✓ | ✓ |
Scheduling Assistant
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | | ✓ | ✓ |
| View Owned Search Schedules | | | ✓ | ✓ |
| View All Search Schedules | | | | ✓ |
| Change Search Schedule (owned) | | | ✓ | ✓ |
| Change Search Schedule (all) | | | | ✓ |
| Disable Search (owned) | | | ✓ | ✓ |
| Disable Search (all) | | | | ✓ |
| View Scheduler Information | | | ✓ | ✓ |
| Run/Apply Autobalancer | | | | ✓ |
Search Library
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | ✓ | ✓ | ✓ |
| Add Search to Library | | ✓ | ✓ | ✓ |
| Edit Search (owned) | | ✓ | ✓ | ✓ |
| Edit Search (all) | | | ✓ | ✓ |
| Delete Search (owned) | | | ✓ | ✓ |
| Delete Search (all) | | | ✓ | ✓ |
| Submit Search for Approval | | ✓ | ✓ | ✓ |
| Approve Search | | | ✓ | ✓ |
| View Search Activity | | ✓ | ✓ | ✓ |
Migration Helper
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | | ✓ | ✓ |
| View Migration Plan | | | ✓ | ✓ |
| Add Items to Migration Plan | | | ✓ | ✓ |
| Set Macros | | | | ✓ |
| Identify Local Knowledge Objects | | | | ✓ |
STIG Compliance
| Action | Basic User | Atlas Viewer | Atlas Creator | Atlas Admin |
|---|
| Access App | | ✓ | ✓ | ✓ |
| View Systems | | ✓ | ✓ | ✓ |
| Create/Edit/Delete Systems | | | | ✓ |
| Edit Target Information | | | ✓ | ✓ |
| Update Vulnerability | | | ✓ | ✓ |
| Create Target/STIG Library | | | ✓ | ✓ |
License Considerations
-
Enterprise License: All Splunk users automatically have access to Atlas with the Atlas Viewer role. Users can be assigned higher roles (Viewer, Creator, Admin) without counting against license limits.
-
Seat-based License: Only users explicitly assigned an Atlas role (Viewer, Creator, Admin) can access Atlas features, and each assigned user counts against the total seat limit. Users without an assigned Atlas role default to Basic User.