Solved: Is it possible to create a role-based search filte...

pkeller · ‎11-21-2016

We'd like to grant access to an additional index to a role, but we only want the members to be able to view 2 sourcetypes in that index.

I added a role called: foo_filtered
I added a search filter of: "service=Amazon OR service=Ebay" to that role
I gave that role access to an index named "vendor"

Their existing role foo_mail has access to search the "mail" and "spam" indexes.

So, when I add the foo_filtered role to their group, ALL searches (regardless of index) apply the filter. I only want the filter applied if they're searching the "vendor" index.

Is this even possible?
Thank you

masonmorales · ‎11-21-2016

This is not possible with the current version of Splunk, unfortunately. You can submit an enhancement request on the Support Portal and they might add it in the future though.

View solution in original post

masonmorales · ‎11-21-2016

This is not possible with the current version of Splunk, unfortunately. You can submit an enhancement request on the Support Portal and they might add it in the future though.

wryanthomas · ‎09-27-2019

Is this still true?

Is it possible to create a role-based search filter on a specific index?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Are you a member of the Splunk Community?

Is it possible to create a role-based search filter on a specific index?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming