How to restrict a user from access to the default Search & Reporting application?


Hi everyone,

I want to give access to a user so he can only view the selected application, but not "Search & Reporting" and other apps. I have read all other similar questions, but they didn't solved the problem. I can restrict access to all applications except "Search & Reporting".

To restrict access, I created a new role "guest" and assigned to it all the same capabilities that "user" role has. Then I created a new user with this role selected. After that I excluded this role from Apps>ManageApps>Permissions for all apps I don't want user to see. But when I remove user read access from "Search & Reporting" app, for some reason, the dashboard in my application stops to work - it shows only empty elements with N/As.

I have a single view application where the Nav file looks like this:

<nav color="#5379AF">
  <view name="application" default='true' />

The "application" view is located in the same application context and has read=Everyone, write=admin permissions.

Can be "Search & Reporting" application hidden somehow?

I work with Splunk Cloud, Splunk Version - 6.3.1511.2

Thank you for your help in advance!

0 Karma

Splunk Employee
Splunk Employee


By default only admin and power roles have write permission in the search app. So any user with read permission will be able to access search & reporting app and will be able to create reports and dashboards and can create private knowledge objects but they will not be able to share those to others. If you remove read access for search & reporting app, then those users will not be able to see search & reporting and also settings will be hidden for them.

To force your users to use particular app you could create roles for each department, map those users via LDAP or local auth and then set the default app context to their departmental app. If that's not feasible then you have to do some user education to get people out of the search app and into their departmental app if they are going to save knowledge objects.

You could also change the default app that the user sees upon logging into splunk by role or user: Settings --> Access Controls --> Roles|Users--> select the desired role --> Select a default app from the drop-down list under Default app.

0 Karma
Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...