SumoLogic
diff --git a/‎docs/manage/users-roles/roles/construct-search-filter-for-role.md‎
Lines changed: 4 additions & 38 deletions b/‎docs/manage/users-roles/roles/construct-search-filter-for-role.md‎
Lines changed: 4 additions & 38 deletions
diff --git a/‎docs/manage/users-roles/roles/create-manage-roles.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/manage/users-roles/roles/create-manage-roles.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/manage/users-roles/users/create-edit-users.md‎
Lines changed: 9 additions & 0 deletions b/‎docs/manage/users-roles/users/create-edit-users.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎static/img/users-roles/emulate-log-search-as-user.png‎
42 KB b/‎static/img/users-roles/emulate-log-search-as-user.png‎
42 KB
diff --git a/‎static/img/users-roles/select-emulate-log-search.png‎
35 KB b/‎static/img/users-roles/select-emulate-log-search.png‎
35 KB
@@ -8,51 +8,17 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 import RoleStacking from '../../../reuse/role-stacking-tip.md';
 
 This page describes how to define search filters for a role. These instructions apply to the **Search Filter** option in Step 6 of the [Create a role](/docs/manage/users-roles/roles/create-manage-roles/#create-a-role) procedure. 
-
-## Understanding search filters
-
-A search filter for a role defines what log data a user with that role can access. You can define a search filter using keywords, wildcards, metadata fields, and logical operators. Here is a simple role filter:
-
-```sql
-_sourceCategory=labs*
-```
-
-This filter grants access to logs whose `_sourceCategory` begins with the string “labs”. (Logs whose `_sourceCategory` don’t start with “labs” won’t be accessible.)
-
-When a user with this filter enters a query like:
-
-```sql
-_sourceCategory=labs/apache | parse "* --" as src_ip | count by src_ip | sort _count
-```
-
-Sumo Logic silently (it’s transparent to the user) adds the role filter to the beginning of the query with an `AND`:
-
-```sql
-_sourceCategory=labs* AND (_sourceCategory=labs/apache | parse "* --" as src_ip | count by src_ip | sort _count)
-```
-
-<!-- Hiding the following for work on DOCS-680
-The example above positively grants access to log data. You can do the opposite: explicitly deny access to data, with an exclamation point (!). For example:
-
-```
-!_sourceCategory=JobX*
-```
-
-The role filter above denies access to log data whose  `_sourceCategory` begins with “JobX”. (Access to log data with other source category values is not restricted.)
--->
-
-The examples above are simple: they involve a single role, and hence a single role filter. 
-
-Typically however, a Sumo Logic user will have multiple roles. If a user has multiple roles, Sumo Logic `OR`s the several role filters and prepends that expression to the user’s queries with an `AND`, as discussed in [Multiple role filters and filter precedence](#multiple-role-filters-and-filter-precedence).
 
 ## Search filter basics
 
-The sections below list search filter limitations, and describe how you can use keywords, wildcards, metadata, and logical operators in filters. 
+A search filter for a role defines what log data a user with that role can access. You can define a search filter using keywords, wildcards, metadata fields, and logical operators. 
 
-The explanations of the behavior of each example filter assume that no other role filters apply. In practice, you will likely assign multiple roles to users. After you understand the basics of how role filters work, see [Multiple role filters and filter precedence](#multiple-role-filters-and-filter-precedence).
+The explanations of the behavior of each example filter assume that no other role filters apply. In practice, you may assign multiple roles to users. After you understand the basics of how role filters work, see [Multiple role filters and filter precedence](#multiple-role-filters-and-filter-precedence).
 
 ### Search filter limitations
 
+The sections below list search filter limitations, and describe how you can use keywords, wildcards, metadata, and logical operators in filters. 
+
 * Role filters should include only keyword expressions or built-in metadata field expressions using these fields: `_sourcecategory`, `_collector`, `_source`, `_sourcename`, `_sourcehost`.
 * Using `_index` or `_view` in a role filter scope is not supported.
 * Role filters cannot include vertical pipes (`|`).
 
@@ -79,7 +79,7 @@ However, if a user is assigned multiple roles that each have different Index Acc
 
 ## Test a role's log access rights
 
-To test a role to see if it displays the expected log access behavior, select a role and click **Emulate log search**.
+To test a role to see if it displays the expected log access behavior, select a role and click **Emulate log search**. (You can also test a user. See [Test a user's log access rights](/docs/manage/users-roles/users/create-edit-users/#test-a-users-log-access-rights).)
 
 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic/). In the main Sumo Logic menu select **Administration > Users and Roles > Roles**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui/). In the top menu select **Administration**, and then under **Users and Roles** select **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Roles**. 
 1. Select a role. 
 
@@ -46,3 +46,12 @@ When you add or remove a role from a user, it can take about an hour for the RBA
 1. Select the row for the user you want to edit and choose **Edit** from the three-dot kebab options menu.
 1. An edit pane appears on the right side of the page. For information about edit options, see [Create a user](#create-a-user) above.
 1. After editing the user, click **Save**.
+
+## Test a user's log access rights
+
+A user's permissions in Sumo Logic are determined by the [roles the user is assigned](/docs/manage/users-roles/roles/add-remove-users-role/). After assigning roles to a user, you can test the user to see if it displays the expected log access behavior based on its assigned roles. (You can also test a role. See [Test a role's log access rights](/docs/manage/users-roles/roles/create-manage-roles/#test-a-roles-log-access-rights).)
+
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic/). In the main Sumo Logic menu select **Administration > Users and Roles > Users**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui/). In the top menu select **Administration**, and then under **Users and Roles** select **Users**. You can also click the **Go To...** menu at the top of the screen and select **Users**. 
+1. Select a user. 
+1. Click **More Actions > Emulate log search**. The search will be emulated for the permissions of the user.<br/><img src={useBaseUrl('img/users-roles/select-emulate-log-search.png')} alt="Emulate log search for a user" style={{border: '1px solid black'}} width="200"/>
+1. Enter your search parameters in the log search emulation window. The search will return only what is allowed for the user.<br/><img src={useBaseUrl('img/users-roles/emulate-log-search-as-user.png')} alt="Emulate log search window" style={{border: '1px solid black'}} width="800"/>