Knowledge Management

summary index & permissions

Explorer

I've created a scheduled report that runs and populates a summary index.

From the admin account everything down to the dashboard using the query works fine.

Other users can't seem to see any of the data in the summary table, others get "No results found."

I was hoping to avoid giving them access to run the si report, to prevent multiple un-scheduled collections. In this particular case the owner of the si report is actually the report user, I had changed the permissions after the fact.

A few questions:

  • Is permission information stored in a tag for the summary index data itself?
  • Is it created at population time?
  • Is there any way to correct it or allow rights to other users? (they already have the role and auth from the role UI).

Thanks in advance.

0 Karma

Explorer

Solved. Be wary of the "Restrict Search Terms" option in user or role configuration. It applies to summary indexes.

Explorer
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!