Security

Add mutiple users to a role at one Go

ma_anand1984
Contributor

How to add mutiple users to a newly created role at one go?
Curently i go to each user and add role manually... it runs into hundreds of users and it terrible 😞

Tags (4)
1 Solution

ziegfried
Influencer

As an alternative you could script it using splunk's CLI. Eg. on Linux by putting the users into a text file:

users.txt:

user1
user2
user3

the then run

splunk login && cat users.txt | while read user; do splunk edit user $user -role some_role; done

This will assign all users in the text file to the role "some_role".

View solution in original post

ziegfried
Influencer

As an alternative you could script it using splunk's CLI. Eg. on Linux by putting the users into a text file:

users.txt:

user1
user2
user3

the then run

splunk login && cat users.txt | while read user; do splunk edit user $user -role some_role; done

This will assign all users in the text file to the role "some_role".

ma_anand1984
Contributor

Thank you so much 🙂
where can i find more info on this, like commands. Any link to tutor ?

0 Karma

rajuljain2605
Explorer

Hi,
Thanks much for above guide, I have few doubt/queries-
1) Above command edited the roles of users in users.txt and added "some role", Please suggest command only to add role with no changes in existing role.
2)Above script modify roles of 1st user in users.txt, but not others. It has thrown below error-

User rajul.jain edited.
Argument "roles" is not supported by this handler.
Argument "roles" is not supported by this handler.

My users.txt looks like this

cat /home/rjain/users.txt

rajul.jain
shas.sin
prath.bal

Please suggest..

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

It's probably best do this by editing the authorize.conf config files (though this will require a restart of Splunk), or by coding against the Splunk REST API.

ma_anand1984
Contributor

any link to quick start guide on REST API. this is the first time im hearing this

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...