Prevent users from creating saved searches, dashbo...

coreyCLI · ‎02-06-2026

Users still need the capability to search but I do not want them to created anything, IE - dashboards, saved searches, alerts, etc, etc. Anywhere on the system. I am testing with Enterprise 10.2 and have removed a few edit_* capabilities but my test user can still create dashboards. I have a test role that is inheriting the default user role.

yuanliu · ‎02-12-2026

What is the harm? User's dashboards will only be visible by the user.

coreyCLI · ‎02-23-2026

Because we want to control all content that is created. To also prevent wasting resources and impacting overall performance. Running searches for discovery is fine but anything more we want to prevent where possible.

PickleRick · ‎02-23-2026

That's what limits and workload policies are for.

Prevent users from creating saved searches, dashboards, etc

other

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation