The user can be authenticated locally by Splunk Phantom, or by using LDAP, OpenID, or SAML2. These user accounts can access Splunk Phantom but not the operating system of the virtual appliance. You can add users to Splunk Phantom from the Splunk Phantom web interface. See Manage roles and permissions in Splunk Phantom for more information about Splunk Phantom roles and the permissions provided by each role. Users with multiple roles have the sum of all the permissions allowed by those roles. Click on a user card and review the roles assigned to this user in the Roles field.Perform the following steps to view the permissions for a user: Only the default admin user can have special, hard-coded permissions outside of any roles. To grant permissions to a user, you assign a role with the desired permission. Click on the ellipsis (.) icon in the upper-right corner of each user card for additional options, such as viewing the user's effective permissions, editing the user, or deleting the user.Īll user permissions in Splunk Phantom are derived from the user's role.Use the filter in the View by field to sort the users by first name, last name, username, last accessed, and last created.Click the drop-down list in the Show field to view more or fewer user cards at a time.For information on how to use the REST API and authentication tokens, see Using the Splunk Phantom REST API reference in the Splunk Phantom REST API Reference.Ĭustomize the information you see on the Users page: However they do provide REST authentication tokens that can be used to read and write data to the REST backend and perform useful activities. The automation user and any other automation type users do not have passwords and can't log into the Splunk Phantom web interface. The automation user is a default internal service account used by Splunk Phantom for running automated playbooks and asset actions, such as data ingestion. Alice logs in with the short username, alice, while Susan logs in with the email-style username, The format of the username used depends on the identity provider being used. Users like Alice Smith and Susan Edwards have provided first and last names which are displayed next to their usernames.The other user cards show a vertical ribbon indicating the user type. The admin user is a local interactive user, and this user's card contains an icon with the letter "A".In this example, we can see the following information: The example below shows one of each type of user that can be configured in Splunk Phantom: The card for all other types of users contains a colored ribbon indicating the user type. The card for local interactive users contains an icon showing the user's initials or custom icon. Automation: The automation user is not counted towards the seat count of a seat-based license.Īn information card is shown for each user and contains information such as the user's full name, username last access data, and roles.The admin user is not counted towards the seat count of a seat-based license. Admin: This is the default admin account and cannot be disabled or deleted.On a new Splunk Phantom instance, the following default users are available: From the main menu, select Administration.Perform the following steps to access the Users page: View the Users page to see the users configured on your Splunk Phantom instance, add new users, or edit existing users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |