Security

how to restrict users group to access particular index only

saifuddin9122
Path Finder

Hello

we have two indexes (A,B) and i have 3 different groups.
1. admin
2. US-East-users
3. US-central-users

our goal is admin group members should have access to both indexes and US-East-users should have access to index A only US-central-users should have access to index B.

even the user in any group other than admin searches for index=* , they should get data from only the index to which they have access.

how should i implement this? can any one help me in doing so?

Thanks in Advance.

Tags (2)
0 Karma
1 Solution

adonio
Ultra Champion

hello saifuddin9122,
navigate to settings -> access controls -> roles -> US-East-users -> scroll all the way down -> add index A to the bottom box (restricted indexes) -> click save -> repeat for other roles

alt text

View solution in original post

adonio
Ultra Champion

hello saifuddin9122,
navigate to settings -> access controls -> roles -> US-East-users -> scroll all the way down -> add index A to the bottom box (restricted indexes) -> click save -> repeat for other roles

alt text

Get Updates on the Splunk Community!

Index This | What did the zero say to the eight?

June 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...