topic Re: Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise) in Splunk Dev

Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

martinalbert — Fri, 02 Jun 2023 07:47:29 GMT

Hello, I’m currently working with the Splunk API and I would love some clarification on a few points related to user provisioning.

Through my testing of the Enterprise on-premise API, I’ve found multiple options for listing user-related entities, such as different namespaces, and methods for listing entities (users, roles, and permissions) in various services (admin and authentication services) as well as different platforms and products.

I would appreciate any guidance regarding the user provisioning domain and how user provisioning works across Splunk products, platforms and services.

Here are my questions:
1. Are REST API’s user provisioning entities, that I’ve found in the Enterprise platform, also available in the Cloud platform and across the services with identical structure?
2. Are user provisioning entities in Enterprise platform available in similar scope and on similar endpoints as in Cloud platform?
3. Are ACL settings, that I can find under different entities in API, tied to specific capabilities? If not, what defines the ACL?

Re: Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

VatsalJagani — Tue, 06 Jun 2023 06:04:45 GMT

@martinalbert - Here are answers to your questions:

1. Are REST API’s user provisioning entities, that I’ve found in the Enterprise platform, also available in the Cloud platform and across the services with identical structure?

A. Yes similar structure, but may not be exactly same.

2. Are user provisioning entities in Enterprise platform available in similar scope and on similar endpoints as in Cloud platform?

A. Yes similar structure, but may not be exactly same.

3. Are ACL settings, that I can find under different entities in API, tied to specific capabilities? If not, what defines the ACL?

A. ACL (Sharing) in Splunk is not related to role, but rather related to Users and Apps.

I hope this helps!!!

Re: Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

martinalbert — Tue, 06 Jun 2023 12:02:08 GMT

Thank you @VatsalJagani, I appreciate it, but would need more detailed informations regarding the differences.

You mentioned that they may not be exactly the same. Can you elaborate on what you meant by "not exactly the same"?

Also regarding the ACL, I understand that it's related to Users and Apps, but how is ACL setup for specific entities? The screenshot you provided mentions that entity owners always have read/write permission, what about other users, how can I setup ACL permissions for them?

Re: Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

VatsalJagani — Tue, 06 Jun 2023 12:24:31 GMT

@martinalbert - You need to find the exact difference from the Rest Endpoint reference document as below:

For Splunk Enterprise - https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTREF/RESTlist
For Splunk Cloud - https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTREF/RESTprolog

For ACL, you can set the permission for each object for other users. (From Edit Permissions)

Actually my bad in my initial response, I mentioned there is nothing for roles, but you can set read/write permission per role.

I hope this helps!!!

Re: Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

martinalbert — Tue, 06 Jun 2023 14:38:44 GMT

Thanks @VatsalJagani, based on reference manual, they should be identical, there is just one documentation page that makes me unsure and that is ACS API manual for cloud platform.

What is the difference in using ACS API and standard API for listing users for example?

Re: Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

VatsalJagani — Wed, 07 Jun 2023 08:37:37 GMT

They are also similar but slight differences for example, Splunk cloud has sc_admin role vs enterprise version has admin role.

* So some small differences but otherwise its very similar.