Dashboards & Visualizations

Best Practice for allowing a user to view dashboard, but not search

agentguerry
Path Finder

Is there a best practice/method to accomplish the following?

We would like to create an user that has very limited role.

Log in, and view only specified dashboards.
But explicitly DENY them the right to search.
The dashboards we want them to have access to does have real time data searches.

What I have tried:

1.
I have tried creating a role (dashboards_only) that only allowed:
change_own_password
get_metadata
rest_properties_get
search
rtsearch

but that still allows them to use the search and reporting app, to do searches.

2.
If i take away search and rtsearch from that role, then the dashboards do not grab any data.

3.
Changed the permissions on the "search and reporting" app to not allow "dashboards_only" role to read/write.
But that also breaks the queries on the dashboards.

Any thoughts on accomplishing this?

0 Karma

adonio
Ultra Champion

create an app for the dashboards only, and make sure you set the navigation menu to include links or dropdowns to the views only
allow the role to look only in this app,
you can also remove the "open in search" and other buttons on the panels so itll be just a "Users TV"

hope it helps

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...