Although there are some potential workarounds to the issue you describe, the short answer is that you cannot grant access to a datamodel without also granting access to the index. Datamodels are tied to indexes, therefore the searches are also tied to the indexes. This is especially true with accelerated datamodels. If a user attempts to pull search results from a datamodel that is either not accelerated, or the search is outside the range of acceleration, Splunk will default to a "normal" index search.
As I mentioned, there are some potential workarounds (and likely more options than I personally know), but the first solution that comes to mind is to create a scheduled search. Create the search, schedule it to run at a certain day/time, and use the results from this to populate your dashboard. In that scenario, the user does not need access to the index itself.
A better option, in my opinion, is to grant read only access to the index behind your dashboards, but disable access to the default search app. In that way, users will be able to see populated dashboards, but not be able to manipulate the URL in such a way that they can query the index directly.
... View more
Usually I do this to test/troubleshoot scripts in Splunk:
$SPLUNK_HOME/bin/splunk cmd /bin/bash
This will start a shell session with all Splunk environment settings. Then I start the script like this:
$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/XX/bin/X.py
This helps a lot to understand where and/or why scripts fail to run.
In addition I add logging lines into the script that will tell me variables being used and which step is being processed. You can add them like this:
logging.debug('what ever you want to show in the logfile')
Hope that helps ...
... View more