Getting Data In
Highlighted

Modify Splunk user role via the REST API

Builder

I have about 125 accounts I need to change the role on. This has to be possible via the REST API. Any thoughts from anyone out there in splunk land?

Highlighted

Re: Modify Splunk user role via the REST API

SplunkTrust
SplunkTrust

Ideally, you'd move the users into different groups in your LDAP, or map the users' group to a different role in your LDAP mapping inside of splunk.

Failing that, you can of course modify users via REST - after all, any click you do in the UI translates to a REST call under the hood. Check out http://docs.splunk.com/Documentation/Splunk/6.6.2/RESTREF/RESTaccess#authentication.2Fusers - the POST takes a roles parameter to update role assignment.

0 Karma
Highlighted

Re: Modify Splunk user role via the REST API

Esteemed Legend

I'd edit the configuration file from the CLI. By the time you scripted a solution via the REST API, you could have hand-typed the changes (of course you should be using search-and-replace tools, not hand editing everything)

0 Karma
Highlighted

Re: Modify Splunk user role via the REST API

SplunkTrust
SplunkTrust

If this is related to https://answers.splunk.com/answers/561656/adding-users-via-rest-api-on-search-head-cluster.html then don't touch config files on the search heads. SHC doesn't like that.

Highlighted

Re: Modify Splunk user role via the REST API

Esteemed Legend

It does if you do it on the Deployer 😆

0 Karma