Dashboards & Visualizations

Best Practice for allowing a user to view dashboard, but not search

agentguerry
Path Finder

Is there a best practice/method to accomplish the following?

We would like to create an user that has very limited role.

Log in, and view only specified dashboards.
But explicitly DENY them the right to search.
The dashboards we want them to have access to does have real time data searches.

What I have tried:

1.
I have tried creating a role (dashboards_only) that only allowed:
change_own_password
get_metadata
rest_properties_get
search
rtsearch

but that still allows them to use the search and reporting app, to do searches.

2.
If i take away search and rtsearch from that role, then the dashboards do not grab any data.

3.
Changed the permissions on the "search and reporting" app to not allow "dashboards_only" role to read/write.
But that also breaks the queries on the dashboards.

Any thoughts on accomplishing this?

0 Karma

adonio
Ultra Champion

create an app for the dashboards only, and make sure you set the navigation menu to include links or dropdowns to the views only
allow the role to look only in this app,
you can also remove the "open in search" and other buttons on the panels so itll be just a "Users TV"

hope it helps

Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...