Object permissions are an integral part of securing Apps and their knowledge objects. After all, we don't want the user causing issues in an App you spent hours tweaking, do we? No, that's what I thought. This is where permissions come into play. Splunk permissions are role-based, meaning that a user needs a specific role (either assigned by Splunk or via external authentication and authorization systems) to read or write the knowledge object. Permissions are controlled within the
local.meta files in your
metadata folder in the App, and, as per normal Splunk precedence, the
local.meta file will override any setting with a matching stanza in the
The configuration structure within the corresponding ...