We created an app just for us admins in Splunk. All of the dashboards and the searches populating the dashboards are shared within the app.
We added an additional role to the access of an app. A user in this newly-added role opened a dashboard and saw that the panels of the dashboard were not loading. For some reason, ONE panel was visible and was given proper access, however, none of the other panels are visible because the searches driving the panels aren’t given permissions to the new role within the app.
Shouldn’t the new role, when granted to the app, inherit all of the permissions and access to all of the objects shared within the app? I can’t imagine this is by design. If this is the case, we would have to touch each artifact within the app and grant permissions to the newly added role.
Please help! Thanks!
When you created knowledge objects in App at that time if you shared those knowledge objects with particular role instead of Everyone in that case when you'll assign new role to existing App those existing knowledge objects will not change it permission automatically to provide read, write access to new role and you need change permission of each and every knowledge objects so that new role will able to see those knowledge objects.
This is how setup in splunk, to modify multiple knowledge objects you can create ER (Enhacement Request) with Splunk.