Hi, we have a Splunk Server Instance and we have developed several custom app. To limit access we are creating custom roles to limit access only to the related custom app. All is working fine apart the saved search results visualization. Every time that the custom role user try to see a saved search the result is a "Web page not found".
I've already modified permission to grant the custom role on read and write, I've changed the savedsearches.conf of the custom app to work on dispatch as user and dispatch app the custom app.
I've also tried to change the capabilities for the custom role but seems that the only one that fix the issue is the admin_all_objects. But assigning this capability to custom user he will see all other apps so not fine.
Hi, today I found out that giving the Read permission to the custom role on Search & Reporting app the custom role can access the saved search available under the custom app. The remaining issue is that I'd not permit that the custom role can see the Search & Reporting app. I tried also to change the parameter ui_dispatch_view from search to custom app in savedsearches.conf but not working. Any suggestion?
Contingency 's solution is to give "Read" grant on Search & Reporting to the Custom Role and then remove only the grant to the "search" view of Search & Reporting. It's not the best way because custom role's users will still see the entry for Search & Reporting in app's list and will have a "Page not found" whenever they'll try to select that entry. Let me know if anybody have a better way to manage this situation.