Object permissions are an integral part of securing Apps and their knowledge objects. After all, we don't want the user causing issues in an App you spent hours tweaking, do we? No, that's what I thought. This is where permissions come into play. Splunk permissions are role-based, meaning that a user needs a specific role (either assigned by Splunk or via external authentication and authorization systems) to read or write the knowledge object. Permissions are controlled within the default.meta and local.meta files in your metadata folder in the App, and, as per normal Splunk precedence, the local.meta file will override any setting with a matching stanza in the default.meta file.

The configuration structure within the corresponding ...