Skip to main content
Question

SOC Status Dashboard showing "No Data Available" for Scoped/Restricted Users

  • March 4, 2026
  • 2 replies
  • 25 views
bilalqureshi00006
Forum|alt.badge.img+1

Hi everyone,

I’m struggling to get the SOC Status (Legacy) dashboard to display data for a user with limited permissions. Despite extensive configuration, the dashboard shows "No data available" or "Unknown widget" for the restricted user, while it works perfectly for an API Admin.

My Current Setup:

  • Custom IAM Role: I’ve created a role with 49+ permissions, including all chronicle.nativeDashboards.*, chronicle.dashboardCharts.*, chronicle.cases.get, and chronicle.events.udmSearch.

  • Data RBAC: I have assigned the Chronicle API Restricted Data Access role with an IAM condition pointing to a specific scope (dev-sec-ops).

  • SOAR Mapping: Inside SecOps Settings, I have mapped my custom IAM role to the Tier 1 SOC Role and the correct environment.

  • Goal: I want this user to see the SOC Status dashboard but remain restricted by their Data Access Scope (specifically, they should not see Google Workspace logs).

The Issue: The user can see the logs allowed by their scope in UDM search, but the SOC Status dashboard is blank.

I’ve read that SOAR data sources (Cases/Alerts) might be restricted to Global Users only. Is it currently impossible for a Scoped/Restricted User to view these legacy SOAR dashboards? If so, is there a workaround to show alert/case statistics that respect a Data Access Scope?

Would appreciate any insights from the community or the product team!

2 replies

hzmndt
Staff
Forum|alt.badge.img+11
  • hzmndt
  • Staff
  • March 5, 2026

@bilalqureshi00006   SOAR Dashboards (Legacy) - doesn’t use data RBAC 

Did check below perissions in your custom IAM role? 

  • chronicle.legacySoarDashboards.delete
  • chronicle.legacySoarDashboards.get
  • chronicle.legacySoarDashboards.update
    bilalqureshi00006
    Forum|alt.badge.img+1

    Following are the permission I used in custom roles for SOAR Dashboard in which I also added these three now. 

    • chronicle.legacySoarDashboards.delete
    • chronicle.legacySoarDashboards.get
    • chronicle.legacySoarDashboards.update

    With all these permission still dashboard is empty I have also assigned these specfic roles. 

    • Chronicle API Restricted Data Access (beta)

    • Chronicle API Restricted Data Access Viewer (beta)

    • Chronicle service viewer

    • SecOps UI Trigger (custom made)

    • Service Usage Consumer

     

    • chronicle.analytics.list
    • chronicle.attachments.get
    • chronicle.caseAlerts.get
    • chronicle.cases.countPriorities
    • chronicle.cases.generateReport
    • chronicle.cases.get
    • chronicle.collectors.list
    • chronicle.curatedRuleSetCategories.get
    • chronicle.curatedRuleSetCategories.list
    • chronicle.customLists.get
    • chronicle.dashboardCharts.get
    • chronicle.dashboardCharts.list
    • chronicle.dashboardQueries.execute
    • chronicle.dashboardQueries.get
    • chronicle.dashboardQueries.list
    • chronicle.dashboardScheduledReports.create
    • chronicle.dashboardScheduledReports.delete
    • chronicle.dashboardScheduledReports.duplicate
    • chronicle.dashboardScheduledReports.fetchHistory
    • chronicle.dashboardScheduledReports.get
    • chronicle.dashboardScheduledReports.list
    • chronicle.dashboardScheduledReports.trigger
    • chronicle.dashboardScheduledReports.update
    • chronicle.dashboards.copy
    • chronicle.dashboards.create
    • chronicle.dashboards.delete
    • chronicle.dashboards.edit
    • chronicle.dashboards.get
    • chronicle.dashboards.list
    • chronicle.dashboards.schedule
    • chronicle.dataAccessLabels.get
    • chronicle.dataAccessLabels.list
    • chronicle.dataAccessScopes.get
    • chronicle.dataAccessScopes.list
    • chronicle.entities.searchEntities
    • chronicle.entities.summarizeFromQuery
    • chronicle.entityRiskScores.queryEntityRiskScores
    • chronicle.events.batchGet
    • chronicle.events.get
    • chronicle.events.queryProductSourceStats
    • chronicle.events.searchRawLogs
    • chronicle.events.udmSearch
    • chronicle.events.validateQuery
    • chronicle.instances.get
    • chronicle.investigations.get
    • chronicle.investigations.list
    • chronicle.legacies.legacyFetchUdmSearchView
    • chronicle.legacies.legacyFindRawLogs
    • chronicle.legacies.legacyFindUdmEvents
    • chronicle.legacies.legacySearchCustomerStats
    • chronicle.legacies.legacySearchIngestionStats
    • chronicle.legacySoarDashboards.delete
    • chronicle.legacySoarDashboards.get
    • chronicle.legacySoarDashboards.update
    • chronicle.nativeDashboards.get
    • chronicle.nativeDashboards.list
    • chronicle.operations.get
    • chronicle.operations.list
    • chronicle.operations.streamSearch
    • chronicle.preferenceSets.get
    • chronicle.preferenceSets.update
    • chronicle.searchQueries.get
    • chronicle.searchQueries.list
    Terms & ConditionsCookie settingsAccessibility statement
    Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

    © 2025 Google. All rights reserved.