If I add the Dashboard permissions to a particular Role mapped to LDAP group, can they see the indexes used in the creation of the Dashboard, even though I don't add index permissions to that Role?
Hi ankithreddy777,
like @somesoni2 mentioned in comments above, no access to data / index -> empty dashboard. splunk will not search against an index you have no authority to look at.
Even though user may have permissions to dashboard, if they don't have access to the indexes being searched in the dashboard, they will not see any data. So, answer to your question is no, they can't see the indexes used in the creation (data) of the dashboard.
Somesoni,
They can't even see the data on the dashboard, if they don't have access to indexes.
If they don't have access to the index itself, the dashboard query will not return anything. (the base search itself would not give any data).
He/she will only be able to see data in panel which he/she can access.
you could lock down the dashboard enough so they can't see how it was created. lock down the 'open in search' and 'inspect search' options to ensure they wouldn't see it. if they have search options, they'd be able to open that up in search and see the query, though it might not run if they don't have permission to view it.
Thank you, how to lock down the both options mentioned above in a Dashboard?.