Help in identifying the capabilities for REST search to fetch User/Role/App details

harshal_chakran
Builder

Hi all,
I have the below REST searches to fetch the User, Role and Application details, respectively.

  • | rest /services/authentication/users
  • | rest /services/authorization/roles
  • | rest /services/apps/local

However, I am not able to define the exact read-only capabilities to assign to my role so that I can run these searches and get the results.

Below are the capabilities I investigated:
edit_roles
edit_user
rest_properties_get
search

However, I am not getting the entire application list as compared to the Admin role. Also, edit_roles and edit_user give write permission, and I am looking for read permission only.

Please help.

0 Karma

koshyk
Super Champion

Please check if the answer https://answers.splunk.com/answers/745460/rest-call-in-subsearch.html helps you.
The original query is for indexes, but you can change it to the other REST endpoints to see if it works.

0 Karma

adonio
Ultra Champion

Can you elaborate a little here?
What is the problem you are trying to solve?
What is the outcome / search output you are anticipating?

0 Karma

harshal_chakran
Builder

I have a certain dashboard listing all Splunk users and what role capabilities are assigned to them, for which I have used the above-mentioned REST API commands.

However, the dashboard users are not able to see the results as they don't have the below capabilities.

edit_roles
edit_user
rest_properties_get
search

If I assign these capabilities to them, then they can delete/update the user-role information from GUI settings, which I don't want.

0 Karma