Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Modifying saved search permissions using the python SDK

erichar7
Explorer
‎06-10-2014 10:10 AM

I'm trying to modify a saved search's permissions using the python SDK and I'm running into problems. Basically I'm not sure how to actually do it or if it's even possible. I can see these settings just fine:

try:
    service = initSplunk() # Returns a client.connect object
except:
    print "Couldn't get a connection"
    exit(1)

for saved_search in service.saved_searches:
    access = saved_search.access
    print"[%s]" % saved_search.name

    for key in access:
        print "   %s = %s" % (key , access[key])

If I run this bit of code on my local splunk install, it prints out the access settings for my one saved search "test_search":

[test_search]
   can_change_perms = 1
   sharing = user
   can_share_global = 1
   app = webtest
   modifiable = 1
   can_list = 1
   can_share_user = 1
   can_share_app = 1
   perms = None
   removable = 1
   can_write = 1
   owner = admin

The problem is, saved_search.access is a splunklib.data.Record which doesn't seem to have any sort of update function. If I try to use saved_search.update, it doesn't recognize "access". I'm not sure if I'm just using the wrong key words here or if this is impossible to do.

Thanks for the assistance!

0 Karma
Reply

dhiren051
New Member
‎04-11-2018 04:36 PM

can somebody please help me here with python code,could you please help me with python code here.

0 Karma
Reply

abhijitmishra
Explorer
‎07-03-2014 01:53 PM

Finally, I could accomplish it in Java. Probably will help you to accomplish it in Python.

  1. Load the savedSearch
  2. Get the path of the savedSearch.
  3. The permission of the savedSearch is called "eai:acl". So to the path of the savedSearch, append "/acl". We'll refer to it as aclPath.
  4. Create an Args class object.Set your arguments into the Arguments class for keys - owner, sharing, perms.read, perms.write
  5. Post using the class ResponseMessage ( String aclPath, Args args)

Java Sample code:

SavedSearch savedSearch = service.getSavedSearches().get("my only saved search"); 
String aclPath = savedSearch.getPath().toString().concat("/acl");
Args args = new Args();
args2.add("owner", "their_user");
args2.add("sharing","app");
args2.add("perms.read", "where_user,queue_user");
args2.add("perms.write", "who_user, which_user");
ResponseMessage rms=service.post(savedSearch.getPath()+"/acl", args2);

Works for me !

Reply

erichar7
Explorer
‎07-07-2014 08:00 AM

Have you found a way to do it in python? I'll keep playing around with it. Looks like I can use urllib2

0 Karma
Reply

erichar7
Explorer
‎07-01-2014 08:56 AM

Unfortunately, I haven't found a solution yet

0 Karma
Reply

abhijitmishra
Explorer
‎06-30-2014 05:28 PM

Did you find any solution, I am trying to do the same using java. I could add to the variable, but unable to update it.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...