The Guard Tower • Room 2
Creating Custom Roles & Users
Custom roles let you tailor access precisely. Create them in Settings > Roles or in authorize.conf. Each role can inherit from multiple parent roles.
Key settings include the search filter (srchFilter), which restricts what data a role can search; imported roles (importRoles), which determine capability inheritance; and allowed indexes (srchIndexesAllowed), which control which indexes the role has access to.
Users are created in Settings > Users or via CLI. Each user needs at least one role, a default app, and a timezone setting.
authorize.conf custom role
[role_security_analyst]
importRoles = user
srchFilter = index=security
srchIndexesAllowed = security;main
srchIndexesDefault = security
Knowledge Check
Prove your understanding to clear the room (Rewards XP)
Complete the authorize.conf stanza to create a role that inherits from "user" and can only search the "webdata" index:
[role_web_viewer]
importRoles =
srchFilter = index=
srchIndexesAllowed =
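The role settings covered in this room can be reviewed mechanically. The Python script below is an added example, not part of the original lesson or of Splunk's own tooling: it parses role stanzas and flags combinations an administrator would want to look at. The role_contractor stanza, the audit_roles and split_list helpers, and the choice of findings are assumptions made for illustration, and fnmatch only approximates Splunk's index wildcard matching.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample: the first stanza is the one shown in this lesson, the
# second is a hypothetical over-permissive role made up for this example.
SAMPLE = """
[role_security_analyst]
importRoles = user
srchFilter = index=security
srchIndexesAllowed = security;main
srchIndexesDefault = security

[role_contractor]
importRoles = user;admin
srchIndexesAllowed = web*
srchIndexesDefault = finance
"""

def split_list(value):
    """Split a semicolon-separated authorize.conf list into clean items."""
    return [v.strip() for v in value.split(";") if v.strip()]

def audit_roles(text):
    """Return {stanza_name: [findings]} for every [role_*] stanza in text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case, e.g. srchIndexesAllowed
    cp.read_string(text)
    report = {}
    for section in cp.sections():
        if not section.startswith("role_"):
            continue
        role, findings = cp[section], []
        allowed = split_list(role.get("srchIndexesAllowed", ""))
        if "admin" in split_list(role.get("importRoles", "")):
            findings.append("inherits from admin")
        if not role.get("srchFilter", "").strip():
            findings.append("no srchFilter set")
        if any("*" in pattern for pattern in allowed):
            findings.append("wildcard in srchIndexesAllowed")
        for idx in split_list(role.get("srchIndexesDefault", "")):
            if not any(fnmatchcase(idx, pattern) for pattern in allowed):
                findings.append(f"default index '{idx}' not in srchIndexesAllowed")
        report[section] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_roles(SAMPLE).items():
        print(name, "->", findings or "ok")
```

The lesson's role_security_analyst stanza produces no findings, while the constructed role_contractor stanza is flagged on all four checks.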