Best Practice for allowing a user to view dashboard, but not search

agentguerry
Path Finder

Is there a best practice/method to accomplish the following?

We would like to create a user that has a very limited role.

Log in, and view only specified dashboards.
But explicitly DENY them the right to search.
The dashboards we want them to have access to do have real-time data searches.

What I have tried:

1. I have tried creating a role (dashboards_only) that only allowed:
   - change_own_password
   - get_metadata
   - rest_properties_get
   - search
   - rtsearch

   but that still allows them to use the Search & Reporting app to do searches.

2. If I take away search and rtsearch from that role, then the dashboards do not grab any data.

3. Changed the permissions on the "Search & Reporting" app to not allow the "dashboards_only" role to read/write.
   But that also breaks the queries on the dashboards.

Any thoughts on accomplishing this?

adonio
Ultra Champion

Create an app for the dashboards only, and make sure you set the navigation menu to include links or dropdowns to the views only.
Allow the role to look only in this app.
You can also remove the "Open in Search" and other buttons on the panels so it'll be just a "Users TV".

hope it helps
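
The app layout this answer describes, as an added example that is not part of the original posts: the function writes a dedicated app whose navigation lists only the dashboard, hides the panel link bar, and limits the role's searchable indexes. The app, view and index names in the usage comment are assumed, and shipping `authorize.conf` inside the app is a layout choice made here.

```shell
#!/bin/sh
# Added example: scaffold a view-only Splunk app for one role.
# Usage (assumed names): scaffold_app /tmp/apps dash_tv dashboards_only ops_overview web
scaffold_app() {
  app_dir="$1/$2"; role="$3"; view="$4"; index="$5"
  mkdir -p "$app_dir/default/data/ui/nav" "$app_dir/default/data/ui/views" "$app_dir/metadata"

  # Navigation lists only the dashboard; no search view is linked.
  cat > "$app_dir/default/data/ui/nav/default.xml" <<EOF
<nav>
  <view name="$view" default="true" />
</nav>
EOF

  # Real-time panel with its link bar (Open in Search, Export, Inspect) hidden.
  cat > "$app_dir/default/data/ui/views/$view.xml" <<EOF
<dashboard>
  <label>$view</label>
  <row><panel><chart>
    <search><query>index=$index | timechart count</query>
      <earliest>rt-5m</earliest><latest>rt</latest></search>
    <option name="link.visible">false</option>
  </chart></panel></row>
</dashboard>
EOF

  # Only this role (and admin) can read the app; nothing is exported globally.
  cat > "$app_dir/metadata/default.meta" <<EOF
[]
access = read : [ $role, admin ], write : [ admin ]
export = none
EOF

  # The role keeps search/rtsearch so the panels load. Hidden buttons are
  # not access control: the index allow-list is what bounds the data.
  cat > "$app_dir/default/authorize.conf" <<EOF
[role_$role]
change_own_password = enabled
get_metadata = enabled
rest_properties_get = enabled
search = enabled
rtsearch = enabled
srchIndexesAllowed = $index
srchIndexesDefault = $index
EOF
}
```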
