Best Practice for allowing a user to view dashboar...

agentguerry · ‎04-21-2020

Is there a best practice/method to accomplish the following?

We would like to create an user that has very limited role.

Log in, and view only specified dashboards.
But explicitly DENY them the right to search.
The dashboards we want them to have access to does have real time data searches.

What I have tried:

1.
I have tried creating a role (dashboards_only) that only allowed:
change_own_password
get_metadata
rest_properties_get
search
rtsearch

but that still allows them to use the search and reporting app, to do searches.

2.
If i take away search and rtsearch from that role, then the dashboards do not grab any data.

3.
Changed the permissions on the "search and reporting" app to not allow "dashboards_only" role to read/write.
But that also breaks the queries on the dashboards.

Any thoughts on accomplishing this?

adonio · ‎04-21-2020

create an app for the dashboards only, and make sure you set the navigation menu to include links or dropdowns to the views only
allow the role to look only in this app,
you can also remove the "open in search" and other buttons on the panels so itll be just a "Users TV"

hope it helps

Best Practice for allowing a user to view dashboard, but not search

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Best Practice for allowing a user to view dashboard, but not search

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey