Couple of details...
I'm running a 2 search server model, but only running the query on search01.
Both search servers are pulling configs in a shared nfs directory, and I can verify it has the right configs when I run ./splunk cmd btool authorize list
Authorize.conf is in
/opt/splunk/(nfs symlink dir)/etc/apps/search_base/local/
I restarted the service.
Here's my authorize.conf for this particular user's role:
importRoles = bi
rtSrchJobsQuota = 0
srchDiskQuota = 3000
srchJobsQuota = 0