Skip to main content
Version: Atlas v4.0

Atlas Capabilities & Permissions

Atlas leverages 4 built-in Splunk Roles that automatically assign Splunk permissions in order to use features effectively. This page will break down what capability and permissions each role is prescribed for the benefit of Splunk admins.

Role Overview

Atlas provides a role-based access control system with four distinct roles that determine what users can access and modify within the platform:

RoleDescription
Basic UserLimited access to Atlas home page. Does not count as a License Seat.
Atlas ViewerBasic read-only access to most Atlas Elements. Can view dashboards, reports, and metrics but cannot create or modify content.
Atlas CreatorAll Viewer permissions plus the ability to create and modify content within most Atlas Elements. Cannot perform administrative functions.
Atlas AdminFull access to all Atlas Elements, including administrative functions, configuration settings, and the ability to assign roles to other users. Splunk Admins can only be assigned Atlas Admins.

Atlas Viewers, Creators, and Atlas Admins all count as one seat use in a Seat Based license.

Role Capability Matrix

The following table outlines the key Splunk capabilities assigned to each Atlas role, which enable core functionality across the platform:

CapabilityBasic UserAtlas ViewerAtlas CreatorAtlas AdminUsed For
edit_log_alert_eventAtlas logs
list_deployment_serverForwarder Awareness
_internal index accessMost Atlas Elements
_audit index accessSearch Library, Data Utilization, PCA
schedule_searchScheduling Assistant
dispatch_rest_to_indexersApp Awareness, Scheduling Assistant
list_search_head_clusteringApp Awareness
list_dist_peerData Management inventory, server selection
_introspection index accessMigration Helper, Scheduling Assistant
edit_userUser role assignment
admin_all_objectsAccess to all Knowledge Objects

Permissions By Atlas Element

Atlas Core

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
View Settings
View License Configuration
Manage License
View User ConfigurationSelf onlySelf only
Edit User Configuration
View Target Configuration
Edit Target Configuration
View Activity Monitor

App Awareness

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View utilization for accessible apps
View utilization for all apps
Modify App Configuration

Data Management

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View Data Inventory
Edit Data Definition (own)
Edit Data Definition (all)
Create Data Requests
View Data Requests
View Ownership Report

Forwarder Awareness

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View Forwarder Groups
Create/Edit/Delete Forwarder Groups
Use Forwarder Report Dashboard
Create/Edit/Delete Forwarder Alerts

Monitor

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View Monitor Groups
Create/Edit/Delete Monitor Groups
View Data Watches
Create/Edit/Delete Data Watches

Scheduling Assistant

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View Owned Search Schedules
View All Search Schedules
Change Search Schedule (owned)
Change Search Schedule (all)
Disable Search (owned)
Disable Search (all)
View Scheduler Information
Run/Apply Autobalancer

Search Library

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
Add Search to Library
Edit Search (owned)
Edit Search (all)
Delete Search (owned)
Delete Search (all)
Submit Search for Approval
Approve Search
View Search Activity

Migration Helper

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View Migration Plan
Add Items to Migration Plan
Set Macros
Identify Local Knowledge Objects

STIG Compliance

ActionBasic UserAtlas ViewerAtlas CreatorAtlas Admin
Access App
View Systems
Create/Edit/Delete Systems
Edit Target Information
Update Vulnerability
Create Target/STIG Library

License Considerations

  • Enterprise License: All Splunk users automatically have access to Atlas with the Atlas Viewer role. Users can be assigned higher roles (Viewer, Creator, Admin) without counting against license limits.

  • Seat-based License: Only users explicitly assigned an Atlas role (Viewer, Creator, Admin) can access Atlas features, and each assigned user counts against the total seat limit. Users without an assigned Atlas role default to Basic User.