Hi,
I have a customer who would like to interact with Splunk, via REST. How do I enable an account to have REST access?
However, a regular user can access their saved searches, but cannot, for example, enumerate or modify inputs.
The docs do not cover this use case, so I will be updating them to better answer this question.
Any admin user can access the REST API.
Refer to the REST API Reference manual for details: http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents
Be sure to read the section "Splunk REST API basics": http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTusing
Access to the REST endpoints is covered by the capabilities for a role. By default, an admin user role has the capabilities to access all of the public REST API.
By default, a user role has access based on the capabilities for that role. This includes access to searches, listing inputs, or getting information from the services/properties endpoint.
If you want a non-admin user to have additional access, you need to create a role for the user and then add the specific capabilities you want the user to have access to.
What about non-admin? I don't want to be giving out admin access to anyone but support personnel.