Solved: Is it possible to create a role-based search filte...

pkeller · ‎11-21-2016

We'd like to grant access to an additional index to a role, but we only want the members to be able to view 2 sourcetypes in that index.

I added a role called: foo_filtered
I added a search filter of: "service=Amazon OR service=Ebay" to that role
I gave that role access to an index named "vendor"

Their existing role foo_mail has access to search the "mail" and "spam" indexes.

So, when I add the foo_filtered role to their group, ALL searches (regardless of index) apply the filter. I only want the filter applied if they're searching the "vendor" index.

Is this even possible?
Thank you

masonmorales · ‎11-21-2016

This is not possible with the current version of Splunk, unfortunately. You can submit an enhancement request on the Support Portal and they might add it in the future though.

View solution in original post

masonmorales · ‎11-21-2016

This is not possible with the current version of Splunk, unfortunately. You can submit an enhancement request on the Support Portal and they might add it in the future though.

wryanthomas · ‎09-27-2019

Is this still true?

Is it possible to create a role-based search filter on a specific index?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...