Best Practice for allowing a user to view dashboar...

agentguerry · ‎04-21-2020

Is there a best practice/method to accomplish the following?

We would like to create an user that has very limited role.

Log in, and view only specified dashboards.
But explicitly DENY them the right to search.
The dashboards we want them to have access to does have real time data searches.

What I have tried:

1.
I have tried creating a role (dashboards_only) that only allowed:
change_own_password
get_metadata
rest_properties_get
search
rtsearch

but that still allows them to use the search and reporting app, to do searches.

2.
If i take away search and rtsearch from that role, then the dashboards do not grab any data.

3.
Changed the permissions on the "search and reporting" app to not allow "dashboards_only" role to read/write.
But that also breaks the queries on the dashboards.

Any thoughts on accomplishing this?

adonio · ‎04-21-2020

create an app for the dashboards only, and make sure you set the navigation menu to include links or dropdowns to the views only
allow the role to look only in this app,
you can also remove the "open in search" and other buttons on the panels so itll be just a "Users TV"

hope it helps

Best Practice for allowing a user to view dashboard, but not search

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?

Best Practice for allowing a user to view dashboard, but not search

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025