Solved: What capability allows you to search /services/aut...

pkeller · ‎02-15-2017

I want to grant access to a non-admin role to: | rest /services/authentication/users, but am not sure what capability that requires.
I've granted the role rest_apps_management but that didn't seem to do the trick.

starcher · ‎02-15-2017

I would not recommend giving out direct api access. as @somesoni2 suggested it might give more than you want. I would use a scheduled search like the below to maintain a table and give them permissions to that.

| rest /services/authentication/users | table title, realname, roles, type, capabilities | mvexpand capabilities | rename title as username | outputlookup splunk_user_access.csv

View solution in original post

sbattista09 · ‎05-04-2017

is there a index filed you can add as will to show what indexes they have access to?

starcher · ‎02-15-2017

I would not recommend giving out direct api access. as @somesoni2 suggested it might give more than you want. I would use a scheduled search like the below to maintain a table and give them permissions to that.

| rest /services/authentication/users | table title, realname, roles, type, capabilities | mvexpand capabilities | rename title as username | outputlookup splunk_user_access.csv

somesoni2 · ‎02-15-2017

Try with change_authentication capability. Please note that this may provide additional access than just GET on /services/authentication/users.

What capability allows you to search /services/authentication/users?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms