Users
A Splunk Enterprise instance, as discussed in previous chapters, offers a variety of interfaces, namely Splunk Web, the Splunk CLI, and RESTful APIs. All of these interfaces must be secured with authentication and authorization so that users can log in securely. The authentication methods are explained at the very end of the chapter. Organizations can manage user authorization effectively by configuring roles, capabilities, object-level permissions, and Role-Based Access Control (RBAC) to align with individual users’ job responsibilities. Depending on the Splunk role assigned to them, users can then perform administrative tasks (privileged users) or general user tasks (the creation of reports, alerts, dashboards, and so on). A user must be assigned at least one role in Splunk. The following screenshot shows the user management menu items on the Splunk Web home page, under Settings:
Figure 3.1: Splunk users and authentication management...
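The role and capability model described above can be checked offline. The following Python script is an added example, not code from the book or from Splunk: it parses a constructed `authorize.conf`-style sample, resolves each role's effective capabilities (including those inherited through `importRoles`, which goes slightly beyond what the passage covers), and reports users with no role or with privileged capabilities. The role names `soc_analyst` and `soc_lead`, the user list, and the `PRIVILEGED` set are assumptions made for illustration.

```python
import configparser

# Constructed authorize.conf-style sample, not from the book. Stanza and setting
# names follow Splunk's authorize.conf; soc_analyst and soc_lead are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
search = enabled
schedule_search = enabled
[role_soc_analyst]
importRoles = user
srchIndexesAllowed = main;security
[role_soc_lead]
importRoles = soc_analyst
edit_user = enabled
"""
# Constructed user-to-role assignments, including one user with no role.
SAMPLE_USERS = {"alice": ["soc_lead"], "bob": ["soc_analyst"], "carol": []}
# Capabilities this audit treats as privileged (an assumption, adjust to policy).
PRIVILEGED = {"edit_user", "admin_all_objects", "change_authentication"}

def load_roles(text):
    """Parse role stanzas into {role: (capabilities, imported roles)}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep setting names such as importRoles case-sensitive
    cp.read_string(text)
    roles = {}
    for section in (s for s in cp.sections() if s.startswith("role_")):
        opts = cp[section]
        caps = {k for k, v in opts.items() if v.strip() == "enabled"}
        imports = [r.strip() for r in opts.get("importRoles", "").split(";") if r.strip()]
        roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_capabilities(role, roles, seen=None):
    """Capabilities of a role plus everything inherited via importRoles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:
        return set()  # guards against import cycles and unknown roles
    seen.add(role)
    caps, imports = roles[role]
    return caps.union(*(effective_capabilities(r, roles, seen) for r in imports))

def audit(users, roles):
    """Return (users with no role, {user: privileged capabilities held})."""
    no_role = sorted(u for u, assigned in users.items() if not assigned)
    held = {u: set().union(*(effective_capabilities(r, roles) for r in a)) & PRIVILEGED
            for u, a in users.items()}
    return no_role, {u: sorted(c) for u, c in held.items() if c}
```

Calling `audit(SAMPLE_USERS, load_roles(SAMPLE_AUTHORIZE_CONF))` flags `carol` as having no role and `alice` as holding `edit_user`, which she gains only through her assigned `soc_lead` role.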