I'm trying to allow users to have a limited search against indexes they don't have access to. This might very well be the problem (and maybe it's not possible), but I'm hoping the solution below should work and I'm simply missing a user capability/permission (unrelated to the index access) somewhere.

Set up a saved search (using variables) to run as the owner (user 'A' that does have access to the indexes). Set up a dashboard to receive those variables and pass them along to a search panel using a search similar to '| savedsearch searchname var1=$v1$ var2=$v2$'.

The dashboard works when running as the user with access to the indexes (user 'A'), so the search and variable passthrough appear to be working. When I run as a test user (with only default 'user' Splunk capabilities, no index access) I get no results.

Is what I am trying to accomplish possible? If it is, does anyone have any guidance on what I might be doing wrong? I asked this in the community Slack as well.

I'm trying to avoid a summary index if possible, as the long-term goal is to have multiple users (without index permissions) be able to run the search specific to them without allowing each user access to all other users' searches. An example scenario is viewing a user's web history as seen from a firewall or secure web gateway (allows vs blocks), and limiting the search to a logged-in user ($env:user$). This could also be used by a support center (group of users) doing first-level troubleshooting who might not need access to all the logs available in an index.