Security models for Federated Search for Splunk
A service account activates different security models depending on whether your federated provider uses standard or transparent mode.
| Federated provider mode | Security model |
|---|---|
| Standard mode | The role-based access control permissions for the service account user on the federated provider determine what your local users can search on the federated provider. In addition, access to federated indexes is based on the roles of your local users, which allows you to restrict your local users' ability to search remote datasets on the federated provider. See Give your users role-based access control of federated indexes. |
| Transparent mode | The role-based access control permissions for your local users determine what your users can search on the federated provider, with the exception of remote indexes, the access to which is governed by the remote federated provider service account. In addition, to activate transparent mode federated search capabilities for the federated provider, the service account must have the fsh_manage capability. |
For more information about the standard and transparent federated provider modes, see About Federated Search for Splunk.