Dashboards & Visualizations

Restrict user to view only specified dashboards in one apps only


I am trying to create a user account that can access one and only one apps and only view some dashboards within that apps. Nothing else.

What I have done so far:
1. Created a custom apps called myapps
2. published some dashboards within that apps
3. Crated a custom role called "dashboard_role"
4. Allowed the capabilities that are allowed in user role defined in the system. I am not comfortable with same privilege as user roles.
5. Created a user called dashboard_user and put this user in dashboard_role and assigned default apps to myapps
6. Allowed dashboard_user to myapps and "Search & Reporting" read permission from manage permission in apps.
7. Specified dashboards within this apps has everyone read permission

I have two questions:

  1. If I remove permission for dashboard_role from "search & Reporting", user dashboard_user cannot login. Dashboard_user gets error message http 404. Do I really have to give permission to search & reporting to the dashboard_user?
  2. What are the minimum capabilities required for the dashboard_role. I am not comfortable to giving same capabilities as user.
0 Karma

Revered Legend

The minimum capabilities required for a dashboard user are rest_properties_get (without which they can event launch home screen) and search (every dashboard in turns runs a search, so needed).

If a user has these two capabilities and access to a default app, you can remove access to "Search and Reporting" app.[Just tested the same]

Regarding the 404 error said, either the default app is not set or the it was trying to launch "Search and Reporting" app, may be because it was on that app and logged out (this is where the permission was changed) and when logged back, it will try to take to same screen. You should see the error message for more details.


Thank you for your response.

OK, I have removed all the capabilities except two you mentioned. I can login as dashboard_user as long as the dashboard_role has access to "search & Reporting". The moment I take the permission out for the above role from "search & reporting", user cannot login anymore. Error message "404 not found" and "Splunk cannot find the 'dashboards' view"

I noticed that even with only two capabilities dashboard_user (when allowed access in search & reporting, without which user cannot login) was able to create a new dashboard, which I certainly do not want for this user.

0 Karma

Splunk Employee
Splunk Employee
  1. No. You're getting the error because the default app/dashboard unless otherwise specified for a user/role is the search app. You need to set the default app for your role to the one app they have access to.
  2. I don't know, what capabilities are you uncomfortable with? They of course will need search, and probably the rest_properties_get capabilities. The remainder may or may not be needed by your dashboard, I don't know. You can read about capabilities here http://docs.splunk.com/Documentation/Splunk/latest/admin/authorizeconf
0 Karma


Thank you for responding to my post.

My intention is to restrict the dashboard_user to anything other than exclusively permitted dashboards, not even any additional searches.

For example, simple search string for two of my panels in the dashboard

sourcetype=cisco_wsa_squid | eval download=sc_bytes/1024/1024 | stats sum(download) by host

eventtype=ironport_proxy | eval MegaByte=sc_bytes/1048576 | stats max(MegaByte) by "Display Name" | sort limit=10 max(MegaByte) desc

How can I achieve this.

The default apps for the role is already "myapps" and myapps has everyone read permission.

0 Karma
Get Updates on the Splunk Community!

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...