I'd like to give certain user roles the ability to search data models. However, I don't want them to be able to view the data in search. Is this possible?
What, precisely, do you want them to be able to see?
What, precisely, do you NOT want them to be able to see?
A user role can be restricted in what it can look at. One of the easiest ways is by restricting the user's search to a particular index. If the sensitive data is not in the index and the model, then the user can't look at it.
You can also use apps to limit the precise searches that your users can perform.
On the other hand, if you want your users to be able to create ad hoc searches based on a field, but do NOT want them to be able to see that field, that's a bit more problematic.
In my case, I litterally want the users to only be able to search using data models, i.e. use pivot to search.
I do not want them to be able to use regular search without pivot.
I know I can restrict access to data using indexes, I already make heavy use of that method. In my organization I would like to create several classes of user, based on the capabilities rather than the data access rights of those users.
a knowledge manager user class, which corresponds with the power role
a business intelligence/it proffesional user class, which corresponds mostly with the user role
a business user class which corresponds with the role I would like to be able to only search using pivot
I got this idea from this document:
https://conf.splunk.com/session/2014/conf2014_DavidClawson_Splunk_WhatsNew.pdf 5th page/slide has a diagram.
I have the exact same question:
I would like to make a class of user that can only search data models, not use the regular search? Is that possible and how?