It is whenever they go to something using sideview module. I think this is problem with the lower privileged role. We have tabled this for the time being... will circle back when we revisit. Thanks for the feedback.

can you expand on "whenever the new role touches Sideview"? When they do what exactly? For example if this means "tries to use the Sideview Editor", that makes perfect sense and I can expand on that. If it means "navigates to a view using a Sideview module", then I'm stumped.

Thanks, will do.

PS. Sorry about that intermediate title. Someone changed... it to make it sound like I was asking a totally different question.

Well the most common problem with low-privilege roles in Splunk is that they don't have the "rest_properties_get" capability. This means pretty much any request to splunkd will die (such users are little more than passive owners-of-objects). Can you post how you've broken down the capabilities? It might also be "rest_apps_view" or a couple other ones that might seem skippable but are not.

It is definitely a problem with the newly defined role and not Sideview itself. This is our first custom lower access role. All other users are fine in and around Sideview... no need to post xml that is working.

Whenever the new role touches Sideview they get a 500 error, directly in Sideview app or attempting to use Sideview based interface in another app.

Can you give a little more detail? What does it say when it gives you error 500 (even it's just "Unknown Error")? Does it return a 500 when the user loads the page? or when users dispatch searches? Can you post the XML of the view? There are a number of 500 errors that boil down to something simple being accidentally omitted from the XML (and Splunk's framework having had some regressions over proper error state handling).