Hello,
I have a saved search, running each day with the following output
Computer_Name | DPT | Install_status | Patch_ID
I have a dashboard in with a panel like this:
<panel>
<title>Windows Patch Management</title>
<single>
<title>Windows computers</title>
<search>
<query>| loadjob savedsearch="MyUser:MyApp:WindowsPatches"
| search $DPT$ | stats dc(Computer_Name)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
</single>
</panel>
I'm facing a little issue here, I can filter using a dropdown, that's the "| search $DPT$ " where $DPT$ is a dropdown of Departments with the following Token value prefix :
and the following Token value sufix
But I would like to reuse the "restricted search terms" of the user which is, for exemple : DPT="IT" in order to really restrict and not only visually. I didn't find a topic on how to retrieve this specific field, any ideas ?
Regards,
Do not use those search restrictions using search-time fields if the application is security-relevant, they're easily bypassed.
Similarly, do not use dashboard-based restrictions as those are under the control of the user's browser, and thereby easily bypassed as well.
If it's just a convenience case with no security implications you can use the currently logged in user's context via |rest
to load its roles and associated search filters.
Index permissions per role and saved searches running as owner for indexes the users should not have full access to.
Hi Martin,
Thanks for your answer. If I have security in mind, what are the function I should look into ?
Regards,