Getting Data In

Modify Splunk user role via the REST API

brent_weaver
Builder

I have about 125 accounts I need to change the role on. This has to be possible via the REST API. Any thoughts from anyone out there in splunk land?

woodcock
Esteemed Legend

I'd edit the configuration file from the CLI. By the time you scripted a solution via the REST API, you could have hand-typed the changes (of course you should be using search-and-replace tools, not hand editing everything)

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

If this is related to https://answers.splunk.com/answers/561656/adding-users-via-rest-api-on-search-head-cluster.html then don't touch config files on the search heads. SHC doesn't like that.

woodcock
Esteemed Legend

It does if you do it on the Deployer 😆

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Ideally, you'd move the users into different groups in your LDAP, or map the users' group to a different role in your LDAP mapping inside of splunk.

Failing that, you can of course modify users via REST - after all, any click you do in the UI translates to a REST call under the hood. Check out http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTaccess#authentication.2Fusers - the POST takes a roles parameter to update role assignment.

0 Karma
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...