https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/656215#M17246 <P>schedule_search is all you need from my experience</P> Thu, 31 Aug 2023 09:16:38 GMT damode1 2023-08-31T09:16:38Z https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151458#M4613 <P>I want to create a user that can ONLY access Splunk via the REST API and run (potentially only saved) searches. </P> <P>What are the minimum capabilities needed to login via REST and access saved searches? I know I need rest_properties_get but what is the bare minimum needed to login and search.</P> Mon, 28 Sep 2020 19:00:31 GMT https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151458#M4613 ckurtz 2020-09-28T19:00:31Z https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151459#M4614 <P>In my environment the user role already had the following rest-related capabilities:<BR /> rest_apps_view<BR /> rest_properties_get<BR /> rest_properties_set</P> <P>It turned out that this was not enough to allow a user to authenticate, I created a new role and found that just by adding a single capability the user was able to authenticate and use the API:<BR /> rest_apps_management</P> Tue, 29 Sep 2020 07:19:16 GMT https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151459#M4614 tmillay 2020-09-29T07:19:16Z https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151460#M4615 <P>It does not seem possible at the moment. (Tested on 6.3.3.) A new user, with only a role with no inheritance and no capabilities, can still log into the UI of Splunk.</P> <P>What you can do is go through the permissions of each and every app (Apps &gt; Manage Apps &gt; "Permissions" on every one "visible") to disable. This won't disable logons to the UI but will render the UI effectively useless.</P> <P>(Keep in mind that any field extractions and knowledge objects in a visible app will then not be available for you - so keep all knowledge objects in separate, non "visible" Technology Add-ons if you want your API-only user to be able to use them!)</P> Fri, 08 Apr 2016 09:37:46 GMT https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151460#M4615 Jason 2016-04-08T09:37:46Z https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151461#M4616 <P>It took us awhile for Graphistry - <CODE>search</CODE> and <CODE>rest_properties_get</CODE>. You should verify, but that appears to preclude web login as desired as well.</P> Wed, 08 Aug 2018 02:10:14 GMT https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/151461#M4616 leomeyerovich 2018-08-08T02:10:14Z https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/631788#M16601 <P>It's an old question, but i came though the same issue.<BR />You have to enable "<EM><STRONG>dispatch_rest_to_indexers</STRONG></EM>" for the Role to query also Indexers rest api (like Storage or any other api inside Indexers side).</P> Wed, 22 Feb 2023 06:35:45 GMT https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/631788#M16601 verbal_666 2023-02-22T06:35:45Z https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/656215#M17246 <P>schedule_search is all you need from my experience</P> Thu, 31 Aug 2023 09:16:38 GMT https://community.splunk.com/t5/Security/What-capabilities-does-a-REST-API-only-user-need/m-p/656215#M17246 damode1 2023-08-31T09:16:38Z