What is the REST API Post command to append existi...

harshal_chakran · ‎05-13-2019

Hi all,
Is there any REST API command to add/append single or multiple roles to specific user.

For e.g. user "SplunkUser" is already present in Splunk with role assigned to it as "role1".

Which REST API command should be run to add roles "role2" and "role3" to User "SplunkUser".

Following command I been running, but it replaces the existing role with new roles and not appending it.

curl -k -u username:password     <hostdetails>/services/authentication/users/SplunkUser -d roles="role2" -d roles="role3"

Please help..!!!

DavidHourani · ‎05-14-2019

Hi @harshal_chakranarayan,

Have a look at the rest reference sheet for access control configuration :

https://docs.splunk.com/Documentation/Splunk/7.2.6/RESTREF/RESTaccess

I think you're looking for this endpoint specifically :
https://docs.splunk.com/Documentation/Splunk/7.2.6/RESTREF/RESTaccess#admin.2FProxySSO-user-role-map

Cheers,
David

somesoni2 · ‎05-13-2019

AFAIK, there is no append option in that. I believe what you could do is to use the GET request for same endpoint to get currently assigned role and then pass that as one of the -d roles=... parameter (assuming you're doing it programmatically).

harshal_chakran · ‎05-14-2019

Hi, thanks for replying.
Yeah, Didn't find any mentioned in Splunk Docs on direct rest command for update.
Will have to solve this by firing GET command first, then append with new roles via program/script and fire the results in POST command..
I wish there was any simpler way.

What is the REST API Post command to append existing native user's role?

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?