This is what I would do as an alternative solution
1) go to localhost:8000/en-US/manager/launcher/data/ui/times
2) define custom time ranges for the roles
3) update the sharing permissions for other time ranges to exclude that role type
This will only display the time ranges that are available to the role
Method 2 (greater flexibility):
On the default app for the user, write up instructions about the capabilities each role has.
You can display the capability information panel based on the role type by executing a rest search
Thanks for your help, but these solutions cannot be applied to my case...
About method 1, the users need to perform historical searches (between this date time and this one, not just the last 24hours for example)
About method 2, I assume my users can easily forget what they read, and I dont want to be in the case where you ignore a message when you see it daily
The best mitigation I found for now is a custom dashboard where the user inputs the start date, select the search duration (1hour, 24 hours, etc), and then enter his query. The dashboard then specify the earliest and latest tags based on the user input, and then feed the user's query