Getting Data In

Modify Splunk user role via the REST API

brent_weaver
Builder

I have about 125 accounts I need to change the role on. This has to be possible via the REST API. Any thoughts from anyone out there in splunk land?

woodcock
Esteemed Legend

I'd edit the configuration file from the CLI. By the time you scripted a solution via the REST API, you could have hand-typed the changes (of course you should be using search-and-replace tools, not hand editing everything)

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

If this is related to https://answers.splunk.com/answers/561656/adding-users-via-rest-api-on-search-head-cluster.html then don't touch config files on the search heads. SHC doesn't like that.

woodcock
Esteemed Legend

It does if you do it on the Deployer 😆

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Ideally, you'd move the users into different groups in your LDAP, or map the users' group to a different role in your LDAP mapping inside of splunk.

Failing that, you can of course modify users via REST - after all, any click you do in the UI translates to a REST call under the hood. Check out http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTaccess#authentication.2Fusers - the POST takes a roles parameter to update role assignment.

0 Karma
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...