I can create a new lookup with the admin user and thus create a new collection. When I try to use another user which has permissions to write to the app I get a "You do not have permission to make a KV store collection" message.
I just tried to add rest_get and rest_set capabilities but does not work.
Update:
I've been performing some tests. When you create the lookup from the admin user it creates the collection under $SPLUNK_HOME/etc/apps/appsname/local/collections.conf and under the local.meta it sets the owner to admin user. I have not seen how to change the owner through the UI, so this collection is not usable by any user othen than admin.
The api is more specific and tells you need the admin_all_objects capability (aka an admin user)
$ curl -k -u poweruser:password -d name=mycollection https://localhost:8089/servicesNS/nobody/myapp/storage/collections/config
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">You (user=poweruser) do not have permission to perform this operation (requires capability: admin_all_objects).</msg>
</messages>
</response>
What's the point to create a collection from the UI if only admin user can use it and you need to modify the files directly to change this behaviour?
I'm investigating this so that I can figure out a way around this issue. It will be researched under this ticket: https://lukemurphey.net/issues/1713
Update:
Version 2.6 of the Lookup Editor now gives you the ability to change the permissions of the lookup from the lookup list page. This way, you can change the sharing options such that other users can view or edit the collection.
I'm investigating this so that I can figure out a way around this issue. It will be researched under this ticket: https://lukemurphey.net/issues/1713
Update:
Version 2.6 of the Lookup Editor now gives you the ability to change the permissions of the lookup from the lookup list page. This way, you can change the sharing options such that other users can view or edit the collection.
@LukeMurphey - I do not see any way to edit permissions on the list page. I am on v2.7.1 of the Lookuop Editor. I am running this app on an Enterprise Security search head with Splunk v6.5.1 - screenshot - https://imgur.com/a/AR5pv