| rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
| fields title,srchIndexesAllowed
| rename srchIndexesAllowed as Indexes, title as Role | search Indexes=*
| rest /servicesNS/-/-/data/indexes count=0
| where disabled=0 | fields title | rename title as index | join index type=left
[ | rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
| fields title,srchIndexesAllowed
| rename srchIndexesAllowed as index, title as role
| mvexpand index
| where NOT match(index,".*\*.*") ] | search role=*