I want to grant access to a non-admin role to: | rest /services/authentication/users
, but am not sure what capability that requires.
I've granted the role rest_apps_management but that didn't seem to do the trick.
I would not recommend giving out direct api access. as @somesoni2 suggested it might give more than you want. I would use a scheduled search like the below to maintain a table and give them permissions to that.
| rest /services/authentication/users | table title, realname, roles, type, capabilities | mvexpand capabilities | rename title as username | outputlookup splunk_user_access.csv
is there a index filed you can add as will to show what indexes they have access to?
I would not recommend giving out direct api access. as @somesoni2 suggested it might give more than you want. I would use a scheduled search like the below to maintain a table and give them permissions to that.
| rest /services/authentication/users | table title, realname, roles, type, capabilities | mvexpand capabilities | rename title as username | outputlookup splunk_user_access.csv
Try with change_authentication capability. Please note that this may provide additional access than just GET on /services/authentication/users.