User enablement is about motivating your users to learn and grow. When you provide an environment of incentive-driven access, you encourage users to explore and implement best practices, which adds value to the whole user community.
Guidelines for enabling users
To maximize user enablement, focus on these main principles:
- Incentive-driven user access
- User experience
- User roles and capabilities
Limit access until users complete education
Users often want to skip the required education. If you provide users with access and the information they need, this leaves them with little incentive to expand their own knowledge. Make sure users are motivated to learn best practices. This means limiting their access until they've completed certification and education. Once users have completed education, they can own and drive their own basic searching, as well as access capabilities for qualified users only. For recommended education requirements, see Setting roles and responsibilities.
Encourage customer-facing groups to explore value-add activities
Empowering users to become capable of manipulating data themselves leads to richer, dynamic insights. This better enables users to answer their own questions and make data-driven decisions.
Guidelines for managing user experience
Give each team their own workspace
Create an app for each team and set this as their default workspace. For more information, see Building user group workspaces.
Create a welcome page for each team
Set up a welcome page for each team to improve the user onboarding experience and facilitate easy access to the resources they need. To create welcome pages, download the Welcome Page Creator from Splunkbase. For more information, see Setting up a welcome page.
Hide all other apps
Remove read permissions for apps the user does not need or is not certified to use. As a general best practice, ensure that users are not distracted by other items deployed to the Splunk environment.
Guidelines for managing user roles and capabilities
Split roles and capabilities
Create roles based on data access and roles based on capabilities. This enables you to customize user access many ways without needing to create new roles. For more information about separating roles and access to capabilities, see Managing data based on role.
Consider limiting permissions for features such as acceleration, scheduled searches, and real-time searches. If necessary, use search limits. Limiting permissions optimizes your search capacity. When granting capabilities, consider whether the feature you are granting access to could impact Splunk performance in a recurring way, such as scheduled searches, report acceleration, or searches that exceed the Splunk timeout limit.