Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to change saved search permissions via python SDK?

dorilevy
Path Finder
‎01-29-2015 01:10 AM

Hey,

I am looking for a way to change permissions to a saved search via splunk python SDK.

I tried using the splunklib.client post method:

import splunklib.client as client
app = "app_name"
cred = {"user": "admin", "password": "changeme", "port": 8089, "host": "localhost","owner":"admin"}

service = client.connect(app=app,**cred)
service.post('saved/searches/report_name/acl', sharing="app" )

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/splunk_sdk-1.2.3-py2.6.egg/splunklib/binding.py", line 238, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/splunk_sdk-1.2.3-py2.6.egg/splunklib/binding.py", line 62, in new_f
    val = f(*args, **kwargs)
  File "/usr/lib/python2.6/site-packages/splunk_sdk-1.2.3-py2.6.egg/splunklib/binding.py", line 657, in post
    response = self.http.post(path, all_headers, **query)
  File "/usr/lib/python2.6/site-packages/splunk_sdk-1.2.3-py2.6.egg/splunklib/binding.py", line 1089, in post
    return self.request(url, message)
  File "/usr/lib/python2.6/site-packages/splunk_sdk-1.2.3-py2.6.egg/splunklib/binding.py", line 1109, in request
    raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 404 Not Found -- 
 In handler 'savedsearch': Could not find object id=report_name

When i try using curl i get no problem:
curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/app_name/saved/searches/report_name/acl -d sharing=app

Maybe i am doing something wrong? Or maybe there is other way to do it and i am missing it?

Regards,
Dori

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dorilevy
Path Finder
‎02-01-2015 04:01 AM

I didn't find a way to do with the splunklib.client object, but i was able to pass it using the answer to this question (see @flynt answer):

http://answers.splunk.com/answers/144000/modifying-acl-saved-search-permissions-through-rest-api-usi...

Note - Flynt answer is working but the URL there is wrong (or apply to older splunk version). See my comments there.

View solution in original post

Reply
Solved! Jump to solution

elewis1
Explorer
‎07-07-2020 09:31 AM

You had the right idea to post to /acl, but you need to urlencode the parameters.

The following creates a new EventType then changes the permissions afterwards. There does not appear to be a way to assign the roles with the initial create method. The "/acl" link can be derived from links in the returned Stanza object.

from urllib.parse import urlencode

newperms = { "perms.read": "role name 1,role name 2, role name 3", 
                     "perms.write": "role name 1, role name 2",
                    "sharing": "app", "owner": "nobody" 
           }
newet = sdk.confs["eventtypes"].create("test_event_type",sharing="app",app="custom_app")
sdk.post("%s/%s" % (newet.links["alternate"], "acl"), body=urlencode(newperms))

 

0 Karma
Reply
Solved! Jump to solution
Solution

dorilevy
Path Finder
‎02-01-2015 04:01 AM

I didn't find a way to do with the splunklib.client object, but i was able to pass it using the answer to this question (see @flynt answer):

http://answers.splunk.com/answers/144000/modifying-acl-saved-search-permissions-through-rest-api-usi...

Note - Flynt answer is working but the URL there is wrong (or apply to older splunk version). See my comments there.

Reply
Solved! Jump to solution

Flynt
Splunk Employee
Splunk Employee
‎02-01-2015 08:46 AM

Thank you for your comment @dorilevy, however that example does indeed include the correct URL.

"https://localhost:8089/servicesNS/%s/search/saved/searches/%s/acl" % ("admin", ss)
request = urllib2.Request( url )

It's important to remember the app context the saved search resides in otherwise you will run into an issue where the saved search is not found. For example if I had an app named "MYAPP" and a saved search named "MYSEARCH" the url should reflect that.

https://localhost:8089/servicesNS/admin/MYAPP/saved/searches/MYSEARCH/acl
Reply
Solved! Jump to solution

dorilevy
Path Finder
‎02-02-2015 01:10 AM

Hey @flynt,

You are correct. i missed the app context (my app is not search, that is why i thought it is mistake). Sorry about it, and again - thanks for the solution.

Dori

0 Karma
Reply
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...