Difference between User and Power User in Splunk
Like other Enterprise tools in the industry, Splunk also gives us the flexibility for the access control that means you can create user and set their password. In Splunk, basically all the permissions are given based on roles. Users are assigned to one or more roles. Roles contain certain set of permissions / capabilities.
Capability specifies what actions ( such as creating or deleting reports , dashboards , macros etc ) can be performed in the Splunk Enterprise. By default in Splunk Enterprise there are some predefined roles available.
To know more about users and roles click here : Splunk Users and Roles
We have seen a common questions from most of the employees that “What is the difference between user and power user ” OR “what are all things power users can do?“
So, today we will discuss about the difference between user and power user in Splunk. Before going to the comparison we will briefly discuss about these two roles.
power – This role has the capability to edit all the shared objects (reports, macros etc) alerts, tags, event types and other similar tasks, the number of capabilities is greater than the role user but less than the role admin.
user – This role is limited to create and edit its own objects, set its own preferences, run searches, create and edit event types, and other similar tasks.
So we have created a table to know the difference very easily.
|
SL NO
|
Subject
|
Power User (power) |
User (user) |
|
1
|
Report acceleration summaries
|
Power user has access to view the report acceleration summaries
|
User has no access to view the report acceleration summaries
|
|
2
|
Alert
|
Power user can create alert
|
User can’t create alert
|
|
3
|
Search
|
Power user can search data from any index
|
Without permission user can’t search index
|
|
4
|
Share Report
|
Power user can set permission for sharing a report
|
User can’t set permission for sharing a report
|
|
5
|
Schedule Report
|
Power user can set schedule for report
|
User can’t set schedule for report
|
|
6
|
Accelerate report
|
Power user can accelerate a report
|
User can’t accelerate a report
|
|
7
|
Ability
|
Power user can edit all shared objects and alerts, tag events, and other similar tasks
|
User can create and edit its own saved searches, run searches, can edit own preferences
|
|
8
|
Event types
|
Power user can create and set sharing permission for event types
|
User can create but can’t set sharing permission for event types
|
|
9
|
Tags
|
Power user can create and set sharing permission for tags
|
User can create but can’t set sharing permission for tags
|
|
10
|
Field alias
|
Power user can create and set sharing permission for field alias
|
User can create but can’t set sharing permission for field alias
|
|
11
|
Calculated fields
|
Power user can create and set sharing permission for calculated fields
|
User can create but can’t set sharing permission for calculated fields
|
|
12
|
Field extraction
|
Power user can create and set sharing permission for field extraction
|
User can create but can’t set sharing permission for field extraction
|
|
13
|
Field transformation
|
Power user can create and set sharing permission for field extraction field transformation
|
User can create but can’t set sharing permission for field transformation
|
|
14
|
Lookup table files
|
Power user can create and set sharing permission for field extraction lookup table files
|
User can create but can’t set sharing permission for lookup table files
|
|
15
|
Lookup definition
|
Power user can create and set sharing permission for field extraction lookup definition
|
User can create but can’t set sharing permission for lookup definition
|
|
16
|
Automatic lookup
|
Power user can create and set sharing permission for field extraction automatic lookup
|
User can create but can’t set sharing permission for automatic lookup
|
|
17
|
Macros
|
Power user can create and set sharing permission for field extraction macros
|
User can create but can’t set sharing permission for macros
|
Hope you have understood the difference between user and power user in Splunk.
Happy Splunking !!!
