Any documentation or examples on how I can secure access via REST API? Specifically, we want to restrict access to GET (no POST) and we want the standard granular access control to indexes, sources, sourcetypes, etc.
I'd also like to restrict access to specific endpoints.
Can this be done?
It took us a while for Graphistry -- search and rest_properties_get (https://answers.splunk.com/answers/60259/rest-api-permissions-issue.html?utm_source=answers&utm_medi...).
Is it possible to specify the endpoints you do not want to grant visibility and then not allow access to them?
Are there any answers as to how to restrict access to specific endpoints?
I have a case open with Splunk. Case 325092
Is there a way to restrict access to specific endpoints only?
Have a look here:
http://docs.splunk.com/Documentation/Splunk/5.0/admin/authorizeconf
There are 2 specific REST capabilities you can assign to a role:
[capability::rest_properties_get]
* Required to get information from the services/properties endpoint.
[capability::rest_properties_set]
* Required to edit the services/properties endpoint.
In Manager:
This may be useful for allowing ACCESS to specific roles, but they lose a lot of options in terms of UI access as well since they are just endpoints.
Let's say we disable the set capability; the real concern is that they still have read access. Disabling the get capability is going a little too far in my opinion.
Definitely it can be done. I'm not sure about what's involved in setting that up administratively, but our installation requires authentication and access to hit various endpoints.
These pages describe authentication and authorization for the Splunk REST API:
http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTaccess
http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTusing#Authentication
Essentially, use auth/login to get the session key, and then pass the session key along in an HTTP header (Authorization request header) to get access to a given endpoint.
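The login-then-header flow described in the last answer, as an added example (not part of the original thread and not Splunk's own code): it parses the auth/login response for the session key and builds a GET-only request that carries it in the Authorization header. The host name, account name and both XML bodies are constructed for illustration; what the account can actually read is still decided server-side by its role.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample bodies in the shape auth/login returns; the key is made up.
SAMPLE_LOGIN_OK = b"<response>\n  <sessionKey>CONSTRUCTED-SESSION-KEY-0001</sessionKey>\n</response>"
SAMPLE_LOGIN_FAIL = b'<response><messages><msg type="WARN">Login failed</msg></messages></response>'


def login_request(base_url, username, password):
    """Build the POST to auth/login; credentials go in the form body, not the URL."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    return urllib.request.Request(base_url.rstrip("/") + "/services/auth/login",
                                  data=body, method="POST")


def parse_session_key(xml_body):
    """Return the session key from a login response, or raise with the server's message."""
    root = ET.fromstring(xml_body)
    key = root.findtext("sessionKey")
    if not key or not key.strip():
        msgs = "; ".join((m.text or "").strip() for m in root.iter("msg"))
        raise PermissionError("no session key in login response: " + (msgs or "unknown error"))
    return key.strip()


def authed_get(base_url, endpoint, session_key):
    """Build a GET for one endpoint with the session key in the Authorization header."""
    if any(c in session_key for c in "\r\n"):
        raise ValueError("session key contains line breaks")  # header-injection guard
    url = base_url.rstrip("/") + "/" + endpoint.lstrip("/")
    return urllib.request.Request(url, method="GET",
                                  headers={"Authorization": "Splunk " + session_key})


def send(request, timeout=10):
    """Send a prepared request over verified TLS and return the response body."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    base = "https://splunk.example.com:8089"  # hypothetical management URL
    key = parse_session_key(SAMPLE_LOGIN_OK)  # live: parse_session_key(send(login_request(...)))
    req = authed_get(base, "services/properties", key)
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
```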