Hi 

I am some confuse the documentation for Role Based Field Filtering as following. 

https://docs.splunk.com/Documentation/Splunk/9.0.1/Security/planfieldfiltering

from the documentation, the restricted command (tstats) return sensitive data that a role with field filters might not be allowed to access and it is very risky that someone with malicious intentions tries to use them to circumvent role-based field filtering. 

it provide the workaround that assign one of two capability to role that have field filter. 

the one of capability is he run_commands_ignoring_field_filter.

here is my question, user_A have a role that include run_commands_ignoring_field_filter capability and configured field filtering and User_A run tstats to search information which include field that required masking, what happen in the result result? 

I wonder if it show sensitive data or making data ?

thank you in advanced. 

 These commands can return sensitive data that a role with field filters might not be allowed to access. They might pose a potential security risk for your organization if someone with malicious intentions tries to use them to circumvent role-based field filtering. As a result, the Splunk platform restricts these commands when used by people with roles that are configured with field filtering.