Hi Experts,
I have given access to one client by creating a specific index and APPs, but when he logs in, he some times navigates to the Search & reporting tab and creates some lookups. I want to restrict users to all objects under the APPS directory only. I tried to remove permission "global" for Search and Reporting, but after doing this, the user is not able to see his own dashboards, so I reverted the permission back.
Please help how we can achieve original requirement.
You can create a role and give permission to only your APP and assign the user to that role. If the user has created some dashboards in another app earlier, you can move those objects to the new app so that user will still be able to access them
https://docs.splunk.com/Documentation/WebLog/1.0/User/Setapplevelrolepermissions
You can set permission on individual objects (dashboards) as well