Hello,
please I would like to know if and how is possible to define/create a user that has only the capability to navigate through the Splunk Distributed Management Console, without the possibility to make any changes.
The user should not be able to do anything else, other than viewing DMC dashboards: he should be like a "read only" admin.
Thanks in advance and kind regards.
You can create a new role and via default.meta give that role read access. But for any of the dashboards to populate that role will also need multiple capabilities, including search. That role will also need access to specific indexes. Which, by your request, will not accomplish what you want. I'm sure there would be a way of recreating the DMC dashboards in a custom made app, that would remove any navigation capabilities outside of the dashboards you want the user to see. I have a feeling that may be way more effort than its worth to do that.
The short version is, I don't know a quick solution or even a moderately easy solution. Keep in mind the DMC accesses a lot of data from many sources. Keep in mind for any search to work the user has to have access to search in addition to the indexes that hold the data.
Have you tried using roles to define exactly what the users can do and then grouping them into those roles?
There is more information here about user role capabilities. You should be able to limit what they can do to only allow them to view the DMC dashboards and do nothing else. You can even set the search jobs limit so that they cannot search otherwise.
I hope this helps!