Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Modifying saved search permissions using the python SDK

erichar7
Explorer
‎06-10-2014 10:10 AM

I'm trying to modify a saved search's permissions using the python SDK and I'm running into problems. Basically I'm not sure how to actually do it or if it's even possible. I can see these settings just fine:

try:
    service = initSplunk() # Returns a client.connect object
except:
    print "Couldn't get a connection"
    exit(1)

for saved_search in service.saved_searches:
    access = saved_search.access
    print"[%s]" % saved_search.name

    for key in access:
        print "   %s = %s" % (key , access[key])

If I run this bit of code on my local splunk install, it prints out the access settings for my one saved search "test_search":

[test_search]
   can_change_perms = 1
   sharing = user
   can_share_global = 1
   app = webtest
   modifiable = 1
   can_list = 1
   can_share_user = 1
   can_share_app = 1
   perms = None
   removable = 1
   can_write = 1
   owner = admin

The problem is, saved_search.access is a splunklib.data.Record which doesn't seem to have any sort of update function. If I try to use saved_search.update, it doesn't recognize "access". I'm not sure if I'm just using the wrong key words here or if this is impossible to do.

Thanks for the assistance!

0 Karma
Reply

dhiren051
New Member
‎04-11-2018 04:36 PM

can somebody please help me here with python code,could you please help me with python code here.

0 Karma
Reply

abhijitmishra
Explorer
‎07-03-2014 01:53 PM

Finally, I could accomplish it in Java. Probably will help you to accomplish it in Python.

  1. Load the savedSearch
  2. Get the path of the savedSearch.
  3. The permission of the savedSearch is called "eai:acl". So to the path of the savedSearch, append "/acl". We'll refer to it as aclPath.
  4. Create an Args class object.Set your arguments into the Arguments class for keys - owner, sharing, perms.read, perms.write
  5. Post using the class ResponseMessage ( String aclPath, Args args)

Java Sample code:

SavedSearch savedSearch = service.getSavedSearches().get("my only saved search"); 
String aclPath = savedSearch.getPath().toString().concat("/acl");
Args args = new Args();
args2.add("owner", "their_user");
args2.add("sharing","app");
args2.add("perms.read", "where_user,queue_user");
args2.add("perms.write", "who_user, which_user");
ResponseMessage rms=service.post(savedSearch.getPath()+"/acl", args2);

Works for me !

Reply

erichar7
Explorer
‎07-07-2014 08:00 AM

Have you found a way to do it in python? I'll keep playing around with it. Looks like I can use urllib2

0 Karma
Reply

erichar7
Explorer
‎07-01-2014 08:56 AM

Unfortunately, I haven't found a solution yet

0 Karma
Reply

abhijitmishra
Explorer
‎06-30-2014 05:28 PM

Did you find any solution, I am trying to do the same using java. I could add to the variable, but unable to update it.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...