I have a role called accessadmin, with capabilities edit_roles and edit_user.

When I try to use it to create another role with a default app, I get an error. Here's the Java code :

Role createdRole = service.getRoles().create("someRole");
createdRole.setImportedRoles(parentRole);
createdRole.setSearchFilter(searchFilter);
createdRole.setDefaultApp(defaultApp);
createdRole.update();

And the error message :

com.splunk.HttpException: HTTP 403 -- User 'accessadmin' with roles { accessadmin } cannot write: /nobody/user-prefs/user-prefs/role_someRole { read : [ * ], write : [ admin ] }, removable: no

Crucially, there is no error if I create the same role without specifying a default app.

I'm using Splunk 6.3.2 in a docker container.