Yes, the alerts are all granted Read/Write for the app itself.

And the other people also have the right permissions to run the search itself? That is, can they run the search on its own, outside of clicking the link in the email? Just covering the basics here.

Yes, I've confirmed with others. I watched another person open the saved alert and open it in search as well. Additionally, clicking on the alert name in the email allows everyone to view the alert (and open in search from there), but the "View results" button does not work unless it's me.

Is it possible that this is related to the email link format? Links are showing up as /en-us/app/$APP_NAME/@go?sid=scheduler__$USER. Seems like only $USER is able to use the link.

Hi @kpyfan,
A couple of troubleshooting questions:

What software version are you using? I see your post is tagged "6.3.0"--could you confirm?

Is the alert scheduled or real-time?

Splunk Enterprise 6.3.0.1, alert is scheduled.

Thank you for the update! I believe this is a known issue and it has been fixed as of 6.3.2. If you are able to upgrade, I think this will solve the problem.

See http://docs.splunk.com/Documentation/Splunk/6.3.2/ReleaseNotes/6.3.2#Search.2C_saved_search.2C_alert...

Issue SPL-108433

Awesome, thanks for the help guys! We will work on getting upgraded!

The defect summary (SPL-108433) is "Power user having read and write permissions for a saved search owned by an admin user is unable to view results from scheduled email," which sounds just like your issue.