Hi @gcusello However, the authentication is based on the connection order. So if this sensitive user is authenticated based on the first group based on order, he/she will only be able to have the role to see the index mapped to the first group. I asked Splunk support officially on this and they do not have any idea/solution on this. Regards, Anton
... View more