- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Re: Modifying saved search permissions using the p...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Modifying saved search permissions using the python SDK
I'm trying to modify a saved search's permissions using the python SDK and I'm running into problems. Basically I'm not sure how to actually do it or if it's even possible. I can see these settings just fine:
try:
service = initSplunk() # Returns a client.connect object
except:
print "Couldn't get a connection"
exit(1)
for saved_search in service.saved_searches:
access = saved_search.access
print"[%s]" % saved_search.name
for key in access:
print " %s = %s" % (key , access[key])
If I run this bit of code on my local splunk install, it prints out the access settings for my one saved search "test_search":
[test_search]
can_change_perms = 1
sharing = user
can_share_global = 1
app = webtest
modifiable = 1
can_list = 1
can_share_user = 1
can_share_app = 1
perms = None
removable = 1
can_write = 1
owner = admin
The problem is, saved_search.access is a splunklib.data.Record which doesn't seem to have any sort of update function. If I try to use saved_search.update, it doesn't recognize "access". I'm not sure if I'm just using the wrong key words here or if this is impossible to do.
Thanks for the assistance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can somebody please help me here with python code,could you please help me with python code here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally, I could accomplish it in Java. Probably will help you to accomplish it in Python.
- Load the savedSearch
- Get the path of the savedSearch.
- The permission of the savedSearch is called "eai:acl". So to the path of the savedSearch, append "/acl". We'll refer to it as aclPath.
- Create an Args class object.Set your arguments into the Arguments class for keys - owner, sharing, perms.read, perms.write
- Post using the class ResponseMessage ( String aclPath, Args args)
Java Sample code:
SavedSearch savedSearch = service.getSavedSearches().get("my only saved search");
String aclPath = savedSearch.getPath().toString().concat("/acl");
Args args = new Args();
args2.add("owner", "their_user");
args2.add("sharing","app");
args2.add("perms.read", "where_user,queue_user");
args2.add("perms.write", "who_user, which_user");
ResponseMessage rms=service.post(savedSearch.getPath()+"/acl", args2);
Works for me !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you found a way to do it in python? I'll keep playing around with it. Looks like I can use urllib2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately, I haven't found a solution yet
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you find any solution, I am trying to do the same using java. I could add to the variable, but unable to update it.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
