Give your users role-based access control of remote datasets

Set up role-based access control for remote datasets so that users can access them with federated searches.

After you create a remote dataset for federated search purposes through the Data Management app, you must give your federated search users role-based access control of the dataset. If you do not do this, your users cannot run federated searches over the dataset.

You grant access to federated search datasets at the parent role level. Child roles inherit dataset access from their parent roles. Child roles cannot add dataset access beyond what they inherit from their parent.

If you use role hierarchies at your organization, you can set dataset access at the top parent role in each of those hierarchies. This is one way to arrange for different groups of users to have different kinds of remote dataset access.

For example, one parent role could have exclusive access to datasets containing restricted information, and all child roles of that parent role would also have access to those restricted datasets. Meanwhile you would have another parent role that provides less-restricted dataset access to all of the child roles beneath it, and so on.
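The inheritance rules above can be modeled for an access review. This is an added example, not Splunk code: the role names, dataset names and dict layout are constructed, and it assumes that a child role with several parents receives the union of their dataset access.

```python
# Added example: models the inheritance rules described on this page.
# Role names, dataset names and the dict layout are constructed, not Splunk objects.
ROLES = {
    "restricted_parent": {"inherits": [], "included": {"hr_remote", "web_remote"}},
    "general_parent":    {"inherits": [], "included": {"web_remote"}},
    "hr_analyst":        {"inherits": ["restricted_parent"], "included": set()},
    "hr_intern":         {"inherits": ["hr_analyst"], "included": set()},
    "contractor":        {"inherits": ["general_parent"], "included": {"hr_remote"}},
    "auditor":           {"inherits": [], "included": set()},
}


def effective_datasets(role, roles, _seen=frozenset()):
    """Datasets a role can search: own grants for a top parent, inherited otherwise."""
    if role in _seen:
        raise ValueError(f"inheritance cycle at role {role!r}")
    parents = roles[role]["inherits"]
    if not parents:
        return set(roles[role]["included"])
    access = set()
    for parent in parents:  # assumption: several parents combine as a union
        access |= effective_datasets(parent, roles, _seen | {role})
    return access


def review(roles):
    """Return (role -> effective access, findings) for an access review."""
    access, findings = {}, []
    for role, spec in sorted(roles.items()):
        access[role] = effective_datasets(role, roles)
        # A grant recorded on a child role adds nothing beyond what it inherits.
        extra = spec["included"] - access[role] if spec["inherits"] else set()
        if extra:
            findings.append(f"{role}: child-level grant has no effect: {sorted(extra)}")
        if not access[role]:
            findings.append(f"{role}: no remote datasets, federated searches will not run")
    return access, findings


if __name__ == "__main__":
    access, findings = review(ROLES)
    for role, datasets in access.items():
        print(f"{role:18} {sorted(datasets)}")
    for finding in findings:
        print("FINDING", finding)
```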

  • You must have the sc_admin role.
  • You must have a remote dataset that was defined in the Data Management app. The dataset must support federated search.
  1. On your Splunk Cloud Platform deployment, in Splunk Web, select Settings and then select Roles.
  2. Select the name of a role that includes users who run federated searches over remote datasets, or that is a parent role for child roles that include such users.
    Note: The role you select cannot be a child role that inherits from other roles.
  3. Select the Unified Datasets tab.
  4. Locate the remote dataset that you want to share. Select Included for the dataset to allow users with this role (or users with child roles that inherit from this role) to see search results from that dataset.
    Note: If Included is not selected for any remote datasets, users with this role (and child roles that inherit from this role) cannot run federated searches over remote data.
  5. Select Save Role.
Users with roles that enable federated search of remote datasets can run federated searches of them. See Write and run federated searches over remote datasets with SPL2.