Ran into the same request... In my case, at least, they are looking to execute the `sendemail` command, and they state that the `list_settings` capability will provide them with the ability to... as I've assigned direct roles of `ess_admin` (not an intended option from the RBAC design of ES, but we did this anyway), and `ess_analyst`. It is stated neither role can use `sendemail`.

I've located the following: https://docs.splunk.com/Documentation/Splunk/8.2.1/Alert/Emailnotification#Prerequisites

> To send an email notification within a search to a mail server that does not require SMTP authentication, your role must have the list_settings capability. By default, only the admin, splunk-system-role, and can_delete roles have the list_settings capability.
>
> If you want to allow users not belonging to any of these roles to send email notifications using the sendemail command in their search, you must assign them the list_settings and schedule_search capabilities.

And this link: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/SearchReference/Sendemail#Capability_requirements

> To use sendemail, your role must have the schedule_search and list_settings capabilities.

However, this post contradicts that documentation: https://community.splunk.com/t5/Splunk-Search/What-capabilities-are-required-for-the-quot-sendemail-quot/m-p/397465/highlight/true#M115367

Here I might grant permission to the roles (`ess_admin`, `ess_analyst`), but this still wouldn't allow those roles the ability to actually obtain the SMTP settings, which I imagine `list_settings` allows them to do... because it's named "list_settings" and, as you linked, this capability...

> Lets the user list and view server and introspection settings such as the server name, log levels, etc.

Hope this helps,
Matt