Restricting index access from apps



We have two separate analytic apps running in a single setup. Users should be able to access both the apps and view the dashboards present in them. However, currently it is possible for a user to search for data of an app using the search page of the other app.

For example, if we have two apps A and B using indexes indexA and indexB respectively, users are able to search for data contained in indexB from app A's search page.

We want to restrict this in such a way that a user searching in app A should be allowed access only to indexA and user searching in app B should be allowed to access only indexB.

Is this possible? If so, please let me know how it can be done.

Thanks in advance


Tags (2)
0 Karma


Hi Keerthana

kindly accept my ans. if it solves your problem...

0 Karma

Path Finder

couple of way.

from index side you create a index rectrict
Create a local account on add roles to users

accelerate_datamodel = enabled
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = ;_;_audit;_blocksignature;_internal;_introspection;_thefishbucket;adprod;adtest;aix;akamai;am_prod;am_test;bcoat_logs;citrix_licensing;citrix_licensing_alerts;coheren

0 Karma

New Member

As the answer provided by kml_uvce is the best solution in terms of security, I'm thinking in an alternative solution. It's considerably less secure and I wouldn't recommend it, I'm just trying to give you more choices.

If you don't want to force the user to logout and login again in order to change the app, you can mask the real index name with an automatic lookup as explained in As lookups can be isolated to an app, if the user doesn't know the real index name will not be able to search in it out of the app where the lookup is applied. You should also keep the indexes out of "indexes searched by default" in the rol/user config to avoid them appearing in the search statistics.

0 Karma


Create roles AUser and Buser under Settings->Access controls -> Roles ,give search index IndexA for AUser and IndexB for BUser and assign permissions of app A to role AUser and app B to Buser.
Assign respective users to role AUser and BUser under Settings->Access controls -> Users



I think this can not be achieved. The restrictions to the data are applied at a role level. If you have access to a index, you can search that index data from any app


Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...