Help in identifying the capabilities for REST sear...

harshal_chakran · ‎05-09-2019

Hi all,
I have the below rest searches to fetch the User, Role and Application details, respectively.

| rest /services/authentication/users
| rest /services/authorization/roles
| rest /services/apps/local

However, am not able to define the exact read only capabilities for my role to assign, so I can run these searches to get the results.

Below are the capabilities I investigated:
edit_roles
edit_user
rest_properties_get
search

However, am not getting the entire application list as compared to Admin role. Also the edit_roles and edit_user are giving write permission and am looking for read permission only.

Please help.

koshyk · ‎05-14-2019

Please check if the answer https://answers.splunk.com/answers/745460/rest-call-in-subsearch.html helps you
The original query is for indexes, but you can put the other REST endpoints change to see if it works.

adonio · ‎05-13-2019

Can you elaborate a little here?
what is the problem you are trying to solve?
What is the outcome / search output you are anticipating?

harshal_chakran · ‎05-14-2019

I have a certain dashboard listing all Splunk users and what role-capabilities are assigned to them. For which I have used the above mentioned Rest API commands.

However the dashboard users are not able to see the results as they don't below capabilities.

edit_roles
edit_user
rest_properties_get
search

If I assign these capabilities to them, then they can delete/update the user-role information from GUI settings, which I don't want.

Help in identifying the capabilities for REST search to fetch User/Role/App details

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!