Hi @justindett,
one question: do you want to limit the access to
?
in the second case, if you want to put some limitation to the accessible events, you could add a Restriction to one role [Settings > Roles < Restriction].
If instead you want to pertit to some users the access only to a part of an events (e.g. some fields but not all the event), it isn't possible in general.
The workaround is creating a dedicated dashboard that displays only the permitted fields and "open in search" feature is disabled.
Ciao.
Giuseppe
Hi Guiseppe,
My initial response was to create dedicated dashboards as you mentioned as well. But thought perhaps someone had another idea.
Basically all users belong to the same role, they can see all events for index=api.
But the admin would like to limit access to the org field.
So some users can only see org=x and some can only see org=y
Gi @justindett,
as I said, it's possible to limit the access to some filtered events of an index using Restrictions, but the only way to don't display a part of an event is to create a dedicated dashboard that displays only the fields to display and remembering to disable the "Open in search" feature that permits to see the raw events.
Otherwise, you could create a Summary index containing only the fields that those users can see and giving access to them to this summary index instead the full index.
Ciao.
Giuseppe