Trying to disable certain capabilities from roles via the REST API, but haven't been successful yet. Please help.
What is the REST endpoint URL that I should use to disable?
I tried something like https://127.0.0.1:8089/services/authorization/roles/power/capabilities/rtsearch/disable, but this is an invalid endpoint. Splunk documentation has not been very helpful.
I can update the capabilities using the above command.
But any idea how to delete this particular capability? What flag should I use instead of -d?
First, you can GET the list of capabilities, remove the role from the list, and POST it back.
You can use the /authorization/roles/<rolename> endpoint to get and update capabilities of a role. Refer to this https://docs.splunk.com/Documentation/Splunk/8.1.1/RESTREF/RESTaccess#authorization.2Froles.2F.7Bnam....
curl -k -u admin:changeme https://localhost:8089/services/authorization/roles/power -d capabilities=search
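The GET, edit, POST sequence from the answer above, as an added example that is not part of the original thread: it takes the JSON returned by the role endpoint (requested with output_mode=json), drops one capability, and builds the form body to POST back. The sample response is constructed, and the function name build_update_body is hypothetical.

```python
import json
from urllib.parse import urlencode

# Constructed sample of GET /services/authorization/roles/power?output_mode=json,
# trimmed to the two fields used here. Values are illustrative, not from a real server.
SAMPLE_RESPONSE = json.dumps({
    "entry": [{
        "name": "power",
        "content": {
            "capabilities": ["rtsearch", "schedule_search", "embed_report"],
            "imported_capabilities": ["search", "rtsearch"],
        },
    }]
})


def build_update_body(role_json, capability):
    """Return (form_body, still_inherited) for removing `capability` from a role.

    form_body is what goes after curl's -d; still_inherited is True when the
    capability also arrives through an imported role and so stays in effect.
    """
    content = json.loads(role_json)["entry"][0]["content"]
    own = content.get("capabilities", [])
    if capability not in own:
        raise ValueError(f"{capability!r} is not set directly on this role")
    remaining = [c for c in own if c != capability]
    if not remaining:
        # Clearing the whole list is a separate case, not covered by this example.
        raise ValueError("removal would leave the role with no capabilities")
    # One capabilities=<name> pair per remaining entry: the POST sets the
    # role's list to exactly what is sent, so every capability to keep must be listed.
    body = urlencode([("capabilities", c) for c in remaining])
    still_inherited = capability in content.get("imported_capabilities", [])
    return body, still_inherited


if __name__ == "__main__":
    body, inherited = build_update_body(SAMPLE_RESPONSE, "rtsearch")
    print("POST body:", body)
    if inherited:
        print("rtsearch is also inherited from an imported role; edit that role too")
```

The returned string is the value for -d in a curl call against the same /services/authorization/roles/power endpoint. Re-run the GET afterwards and check both capabilities and imported_capabilities to confirm the change took effect.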