When having lookups contained within an app, is it possible to set user permissions at the 'app' level as opposed to editing the .meta file contained within the app for each individual lookup?
We have two groups of end users. I would like to create an app for each, so that lookups used by each group are stored within the relevant app.
Then, rather than have to edit the default.meta every time a new lookup is added to provide that group write access, I'd like to set the permissions against that app, so that the permissions are inherited down to the lookups contained within.
Splunk's management interface allows you to edit lookup table permissions in the UI.
Additionally, the Lookup File Editor app includes a link to adjust permissions in the lookup list (see the link for "Edit Permissions"):
You can change permissions on the SPlunk UI, Settings->Lookups->Lookup table files. You have Sharing column under which you can change permissions . Is that what you are looking for?