I am trying to create a user account that can access one and only one app and only view some dashboards within that app. Nothing else.
What I have done so far:
1. Created a custom app called myapps
2. Published some dashboards within that app
3. Created a custom role called "dashboard_role"
4. Allowed the capabilities that are allowed in the user role defined in the system. I am not comfortable with the same privileges as the user role.
5. Created a user called dashboard_user, put this user in dashboard_role and set the default app to myapps
6. Allowed dashboard_user read permission to myapps and "Search & Reporting" from manage permissions in apps.
7. Specified dashboards within this app have everyone read permission
I have two questions:
If I remove permission for dashboard_role from "Search & Reporting", the user dashboard_user cannot log in. dashboard_user gets the error message HTTP 404. Do I really have to give permission to Search & Reporting to the dashboard_user?
What are the minimum capabilities required for the dashboard_role? I am not comfortable giving the same capabilities as user.
The minimum capabilities required for a dashboard user are rest_properties_get (without which they can't even launch the home screen) and search (every dashboard in turn runs a search, so it is needed).
If a user has these two capabilities and access to a default app, you can remove access to the "Search and Reporting" app. [Just tested the same]
Regarding the 404 error, either the default app is not set or it was trying to launch the "Search and Reporting" app, maybe because it was on that app and logged out (this is where the permission was changed) and when logged back in, it will try to take you to the same screen. You should see the error message for more details.
OK, I have removed all the capabilities except the two you mentioned. I can log in as dashboard_user as long as the dashboard_role has access to "Search & Reporting". The moment I take the permission out for the above role from "Search & Reporting", the user cannot log in anymore. Error message "404 not found" and "Splunk cannot find the 'dashboards' view"
I noticed that even with only two capabilities, dashboard_user (when allowed access in Search & Reporting, without which the user cannot log in) was able to create a new dashboard, which I certainly do not want for this user.
No. You're getting the error because the default app/dashboard, unless otherwise specified for a user/role, is the search app. You need to set the default app for your role to the one app they have access to.
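
The settings discussed in this thread, written out as Splunk configuration files. This is an added example, not part of the original posts: the role and app names come from the question, the file paths are the usual Splunk locations, and restricting write access in the app metadata is an added assumption about how to keep the role from saving new dashboards in the app.

```ini
# --- $SPLUNK_HOME/etc/system/local/authorize.conf ---
# Role with only the two capabilities named in the answer above.
# No importRoles line, so nothing is inherited from the built-in user role.
[role_dashboard_role]
rest_properties_get = enabled
search = enabled
# Index access is separate from capabilities. Placeholder value, replace it
# with the index (or indexes) the dashboards actually search.
srchIndexesAllowed = <index_the_dashboards_search>

# --- $SPLUNK_HOME/etc/apps/user-prefs/local/user-prefs.conf ---
# Default app for everyone in the role, so login lands in myapps
# instead of the search app.
[role_dashboard_role]
default_namespace = myapps

# --- $SPLUNK_HOME/etc/apps/myapps/metadata/local.meta ---
# App-level ACL: dashboard_role may read the app, only admin may write to it.
[]
access = read : [ dashboard_role ], write : [ admin ]
```

Restart Splunk after editing these files by hand, then log in as dashboard_user in a fresh browser session to confirm the landing app.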