I've just tested this out under the following scenarios:

• A nav menu with two submenus, one of which is accessible by a test user.
• A nav menu with two submenus, both of which are inaccessible by a test user.

Once the permissions are removed for the submenu items for the test user, they both still appear (Despite returning a 500 or 404 error when the user clicks on each of the submenu items).

i.e. under both scenarios, the top-level nav menu is visible, as are both the submenus, regardless of whether the user has access to the submenu options or not.

Is there some other permission control needed to ensure the entire collection (or an individual submenu) disappears for users without access to submenus of that collection?

Could you send a screenshot of the navigation default xml file ?

{Unable to upload images in comment, only an answer.}

Seems image cannot be posted. Just put the xml text

default.xml:

<nav color="#959395">
  <view name="APP_landing_page" default='true' />

  <collection label="Live Env">
    {Other items removed}
  </collection>

<collection label="Testing Env - Collection_test">

    <!-- An admin option to which the test user has no access -->
    <a href="/app/manager/testing/fields">Update fields</a>
    <a href="/app/testing/app_authapp">Service Usage</a>
  </collection>

  <view name="search" />

  <collection label="About">
    <a href="linking">Link for the About section</a>
  </collection>

</nav>

Edit: Can a moderator please remove the answer below?

None other than not realising there was an alternative way of doing it.
the .xml above was based on other online examples of Splunk navs.
source: https://answers.splunk.com/answers/96443/a-link-to-another-apps-in-navigation-menu.html

Can you please elaborate?
Do you mean that all the hrefs need to be turned into views?

For example:

<a href="/app/testing/app_authapp">Service Usage</a>

would become:

<view name="Service Usage">

In your case is better to use the "view" tag. Only thing is if your views belong to a diff app you will need to make them global (shared so the other apps can see it) and also make sure the names are different, that way when you are referencing a specific view by name there is only one possible match.

I would use the "a href" tag to reference external website or when the dashboards have same names so I need to specify the app names. The problem is the "permissions" do not work properly.

Thanks mgarciar.
All working now. Changing from tags to views did the trick.

As I was already trying to simplify permissions for the 2 x apps, found it easier to migrate them both into the one app and avoid having to jump between multiple apps depending on with nav option the user chose.

Ok. If you use the

a href

tag the default permission won't work. All what I said works for if you usie the tag

view

Each "option" would be part of a separate app.
i.e. Each top-level entry on the nav menu would be part of a separate application.

So if I understand you correctly, one doesn't need to specifically set the permissions on the nav submenu items for them to only appear to users of that particular security level?
i.e. the nav submenu items inherit the permissions of the actual item the menu refers to itself (the destination when the menu item is clicked on).

For example, if there was a nav menu top level item of "Live" (an environment-specific app), with options underneath of "Reports", "Alerts" (etc), these would only show up on the nav menu for a user with permissions allowing access to views for Reports and Alerts in the Live app, correct?

Yes and if all subitems from a Menu Item are not visible, the Menu Item (Collection tag) won't be visible at all.

Thanks mgarciar.
I understand that 2nd-level options underneath the nav text (for instance, the sub-items items underneath "Live" in the menu sample of my OP) would disappear if the user has no access to them.

How does this work though for the text of the nav menus themselves i.e. the "About", "Test", "Reports" and "Notifications" menus above?
They are currently displayed on the nav menu via a "collection" and text label:

Submenu 1
Submenu 2
etc..

The label text being the actual text that is displayed on the nav menu at the top level.
Using your suggestion, how would a permission be associated with that label to determine whether the top-level menu should be displayed or not when compared to the user's permissions/capabilities?

If the user doesn't have access to the Live environment, I don't want the "Live" option to appear at all on the nav menu.

Thanks.

If your properly create roles and assign access permissions to the dashboards (or apps if each option is part of a separate app) based on the roles the navigation menu will automatically remove the items the user does not have access.
One limitation (as far as I know), your menu need to reference the views using the tags and not the tag.