Um... A few points here: 1) Splunk runs on the OS as a single user therefore OS permissions are irrelevant. 2) Static assets such as CSS in the appserver/static directory do not have separate default and local configurations. 3) Assuming that you have separate default and local configs, setting permissions on the same stanza at the local level would override the same at the default level (thus "just that guy" would have only the local config, and no one else would have access to any other config)

Your comment about "single use" is irrelevant because not everybody runs "splunk" as user root; in fact many people are of the opinion that splunk should never be running as root so I am finding more and more that it is not running as root. In such cases, this can be exploited.

Also, the users gave CSS as an option (actually as a guess), not necessarily as the only means for this "style" change. In my example, he might build 2 totally different dashboards which could be split (sharing the same name) between .../default/data/ui/views/ and .../local/data/ui/views/. It all depends on what OP means by look.

In this case, I was not referring to "single user" as in "single user mode." If you run Splunk as splunk instead of root Splunk's processes on the OS access files on the OS as only the individual splunk user. If user A and user B log into Splunkweb. Splunk is still accessing data from disk as the single splunk OS user for both of these users. OS permissions cannot not be set for only an individual splunk user.

True enough, let's just agree that the "both OS and" would have been better off not included.