Knowledge Management

Can you change reports/dashboard permissions from the rest api?

klim
Path Finder

Is it possible to change a report or dashboard's permissions from the rest api? 

Labels (1)
0 Karma
1 Solution

Tom_Lundie
Contributor

It is! You will need to POST to the particular configuration's ACL Endpoint.

The above documentation details some example curl commands. You will be interested in POSTing to:

https://localhost:8089/servicesNS/-/-/saved/searches/myreport/acl 
and
https://localhost:8089/servicesNS/-/-/data/ui/views/mydashboard/acl

If you need a hand structuring the request body then let me know!

View solution in original post

0 Karma

Tom_Lundie
Contributor

It is! You will need to POST to the particular configuration's ACL Endpoint.

The above documentation details some example curl commands. You will be interested in POSTing to:

https://localhost:8089/servicesNS/-/-/saved/searches/myreport/acl 
and
https://localhost:8089/servicesNS/-/-/data/ui/views/mydashboard/acl

If you need a hand structuring the request body then let me know!

0 Karma

klim
Path Finder

Is this able to be done on the search line using the rest command? I can use the rest command to return all the saved searches but not sure how I can add the request body?

0 Karma

Tom_Lundie
Contributor

Hi @klim,

Unfortunately, not.

| rest can only be used to perform GET requests. You cannot use any other HTTP method.

If you want to do this with a Splunk search (and not a different program like curl) then I would consider a custom command / alert action. There is some old stuff kicking around on Splunkbase that might be able to help but I haven't seen anything that is supported on Splunk 9.x.

 

0 Karma

klim
Path Finder

I was trying to just see the permissions with the curl of a private saved search but I always return a 

"Could not find object id=abc"

Is it not possible to see private objects permissions with an admin user?

 

curl -k -u username:password https://127.0.0.1:8089/servicesNS/admin/search/saved/searches/abc/acl

Edit: Figured it out. I needed to change the username in the url from admin to the owner of the saved search.

 

Tom_Lundie
Contributor
curl -k -u username:password https://127.0.0.1:8089/servicesNS/admin/search/saved/searches/abc/acl

The servicesNS API (services namespace) explicitly uses user/app contexts (namespaces) to fetch results.

servicesNS/<<user>>/<<app>>

In order for the abc search to be shown, it must be visible to that <<user>> in that <<app>>.

You can use the servicesNS/-/-/ endpoint to return all namespace contexts e.g:

curl -k -u username:password https://127.0.0.1:8089/servicesNS/-/-/saved/searches/abc/acl

  

0 Karma

klim
Path Finder

Darn. Thanks for your help. Probably will go down the custom command route.

0 Karma

bowesmana
SplunkTrust
SplunkTrust

https://splunkbase.splunk.com/app/4146

Webtools TA has a custom curl command and can do POST - it's a bit tricky sometimes to get the right data into the headers and body as I believe there was once a bug in the extracting of JSON data used for headers, but if you know python, it's easy enough to tweak it.

 

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...