I want to create a role where the user is not able to search Splunk. They should only be able to view dashboards that have been pre-populated by scheduled searches.
Here is what you can do
Create a User Role, say read-only-user with following capabilities:-
change_own_password
get_metadata
rest_properties_get
search
Go to Manager Apps and for Sharing permission for app 'Search & Reporting', give read permission to all roles except 'read-only-user' role. By default Read is assigned to 'Everyone'
For Splunk Apps that user in role 'read-only-user' should access, change the home page from 'search' to appropriate dashboard. Otherwise, they'll get error while opening the App.
You should be all set.
List item
would this be an appropriate way to complete this?
https://answers.splunk.com/answers/550347/how-to-create-dashboard-app.html
Here is what you can do
Create a User Role, say read-only-user with following capabilities:-
change_own_password
get_metadata
rest_properties_get
search
Go to Manager Apps and for Sharing permission for app 'Search & Reporting', give read permission to all roles except 'read-only-user' role. By default Read is assigned to 'Everyone'
For Splunk Apps that user in role 'read-only-user' should access, change the home page from 'search' to appropriate dashboard. Otherwise, they'll get error while opening the App.
You should be all set.
List item