Hi @joeprest  I would recommend having a "service user" which owns these alerts and has the relevant permissions - therefore you do not need to give permissions to individual users. Create a local Splunk user (I like to prefix with svc_ - for example svc_<project>_alerts) and give this specific user the required capabilities. Then change the owner of the alerts to this user. 🌟 Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing ... View more