Users who have the "edit_user" capability are unable to set a users default app. Also I cannot find any suitable capability for this task. It seems that really powerful capabilities like "admin_all_objects" are necessary for this simple task. Could you tell me, which is a suitable capability for a user administrator who should create users and assign default apps only?
I cannot find out, how the inheritance of the default app from a role is supposed to work when using Splunk user administration. Upon creating a new user, it is always necessary to select at least one app. Even if the user is created by a user administrator that may not set a default app (see point 1), the app will be Launcher(Home) always. The inheritance seems to never have any effect when using the Splunk user administration as there is no "default" item to select nor can the field be left empty. How is this supposed to work? I cannot find an answer in the docs unfortunately.
admin_all_objects is the only capability through which you can achieve this. In splunk, setting a users' default app can be changed using user Preferences. Only admin can change any user's default app and no one else. What is the use case that any user can change other users' default app ? https://docs.splunk.com/Documentation/Splunk/7.2.4/Admin/User-prefsconf
Default app from role is inherited because all users must have some app selected as default app. So, splunk will by default have an app inherited from their role, any user can change it from Preferences tab.
For an example, if I create a role and I want all users with xyz app to have default then, I can be control while assigning the role to any user. After that, users' preference is considered highest which will override the inherited app from the role.
I upvoted your question because your '2nd challenge' matches mine. It appears to me that the option to NOT select any default app is missing...
Hopefully some Splunk professional takes time to find a more convenient answer.
