An update on this -- it turns out the problem is far worse than I thought as it applies to locally configured Splunk users too.

• Configure a user on Splunk with a role that has restricted search terms. In our case a filter that restricts them to only seeing their company’s data.
• User logs in and views dashboard. Can only see their data. Great.
• User schedules PDF generation for dashboard using Splunk’s built in PDF reporting. At the appropriate time a PDF is generated and e-mailed to the user.
• When the PDF is generated the user’s search restrictions are not applied. The user gets e-mailed a report containing data from all companies.

According to your title, users are scheduling the search. I also have the impression it's not possible to make "scheduled" search run as another user than "system" which basically has all permissions.

I've posted a somewhat related comment about savedsearches.conf - see http://docs.splunk.com/Documentation/Splunk/5.0.2/Admin/Savedsearchesconf. I've received an answer but must admit it was not entirely satisfying and I didn't follow it up very closely. I should probably raise this issue with support.

Hi. Any news on this? Were you able to raise this? Thanks!

I'm using native PDF support in 5.0.2, build 149561. Thanks!

A couple of questions:

What version of Splunk are you using?
How are you generating PDFs (through the native PDF support in 5.0+ or with the old PDF Report Server)?

Let me know, I would like to get this reported immediately. Based on your answers, I might make a minimal repro so that this can get escalated quickly.