I know this is an old thread, but I still find the approach very interesting. I'm now using 6.2 - what parts of the answer will change? Will it even work now?
I know that
application.css is now in a different folder, and that
dashboard.css is used in most cases as a replacement - don't fully understand the difference yet. The link to "Remove access to Jobs and Alerts" is also a great one - will study it as well. However, the same question ("what should be changed in 6.2?") still applies :).
Thanks in advance!
If you want to restrict a certain role to a set of views, you should package them in a single app and then apply these 2 steps:
I can not speak for the first item because I've not done it yet (I'm currently busy trying to implement it).
For the second part, you should, for each view you're interested in:
These views will not display the AccountBar at the top (with the links you mention).
Here, I've given the most simple solution but there are 2 variants :
$SPLUNK_HOME/etc/apps/<application>/appserver/modules/AccountBar/and copy under this directory all files named
$SPLUNK_HOME/share/splunk/search_mrsparkle/modules/nav/AccountBar.*. Then you can edit the html of this component to completely change the appearance of the AccountBar (the syntax of this file is mako)
$SPLUNK_HOME/etc/apps/<application>/appserver/static/application.cssand override the styles used to display these links with visibility:hidden. I find this a relatively ugly solution but it's quick. Some more details available here.
1. I've implemented the first step described above by using standard "local.meta" configuration files. UI can probably be used too.
2. Be careful that customizing top elements of a view in Splunk 6 has been limited to only a few possibilities. We'll have to test if overriding these elements still works.