Getting Data In

Modify Splunk user role via the REST API

brent_weaver
Builder

I have about 125 accounts I need to change the role on. This has to be possible via the REST API. Any thoughts from anyone out there in splunk land?

woodcock
Esteemed Legend

I'd edit the configuration file from the CLI. By the time you scripted a solution via the REST API, you could have hand-typed the changes (of course you should be using search-and-replace tools, not hand editing everything)

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

If this is related to https://answers.splunk.com/answers/561656/adding-users-via-rest-api-on-search-head-cluster.html then don't touch config files on the search heads. SHC doesn't like that.

woodcock
Esteemed Legend

It does if you do it on the Deployer 😆

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Ideally, you'd move the users into different groups in your LDAP, or map the users' group to a different role in your LDAP mapping inside of splunk.

Failing that, you can of course modify users via REST - after all, any click you do in the UI translates to a REST call under the hood. Check out http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTaccess#authentication.2Fusers - the POST takes a roles parameter to update role assignment.

0 Karma
Get Updates on the Splunk Community!

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...